My name is Sangjun Park, and I am a fuzzing researcher. I have discovered a stack-use-after-return vulnerability in the live555 streaming media server (version 2024-09-29) running on Ubuntu 20.04. The issue occurs when the server processes a sequence of SETUP and other client requests, leading to a stack-use-after-return condition. You can easily reproduce the bug by following the instructions in the attached README.md file. Please note that ASAN must be activated to reproduce the issue in this case. Additionally, I have attached the ASAN report and a reproducible test case, which can be accessed via the following link: https://drive.google.com/file/d/18z4jdK_hbBg5DB7TarwaRC3IJjeLuKnK/view?usp=sharing Best regards, Sangjun Park
_______________________________________________ live-devel mailing list live-devel@lists.live555.com http://lists.live555.com/mailman/listinfo/live-devel
