Hello,

My name is Sangjun Park, and I am a fuzzing researcher. I have discovered a heap use-after-free (UAF) vulnerability in the live555 streaming media server (version 2024-09-29), running on Ubuntu 20.04. The issue occurs when the server processes a sequence of SETUP -> PLAY -> POST requests from a client, leading to a heap UAF condition.

You can easily reproduce the issue by following the steps outlined in the attached README.md file. Additionally, I have provided the ASAN report and a reproducible test case, which you can access via the following link:

https://drive.google.com/file/d/19cNjRMTi41Y3wNzg6yCX2xp89NiEakfz/view?usp=sharing

Best regards,
Sangjun Park
_______________________________________________
live-devel mailing list
live-devel@lists.live555.com
http://lists.live555.com/mailman/listinfo/live-devel