To ensure the correctness of the version, I modified the dockerfile, "wget http://www.live555.com/liveMedia/public/live555-latest.tar.gz", and the heap-use-after-free bug did exsit. Meanwhile, I compared it with the previous CVE lists, and it is not include.
The live555 is compiled with clang. If it is compiled with gcc, the crash will not happen.
And it is also verified in the case of non docker.
On 10/20/2021 08:32,Ross Finlayson<finlay...@live555.com> wrote:
Thank you for the report.
Unfortunately I was not able to reproduce this with the latest version of our software.
Are you sure that you’re using the latest version of the LIVE555 software; see http://live555.com/liveMedia/faq.html#latest-version ? A bug similar to this was fixed in August of this year.
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
_______________________________________________
live-devel mailing list
live-devel@lists.live555.com
http://lists.live555.com/mailman/listinfo/live-devel
_______________________________________________ live-devel mailing list live-devel@lists.live555.com http://lists.live555.com/mailman/listinfo/live-devel
