Xiaobo,
Many thanks for reporting this. The problem was not the call to “sscanf()”
(because the buffer being read into is guaranteed to be large enough), but the
subsequent call to “sprintf()” (using a fixed buffer size of 100).
I have now installed a new version (2020.07.09) of the “LIVE555 S
[summary]
In the latest version of live555 mediaserver, there is a stack based buffer
overflow vulnerability when parsing 'PLAY' command.
An attacker is able to send a sequence of malformed RTSP packets to trigger
this issue. In the worst case, the media server running this service can be
exploite
> On Jul 9, 2020, at 7:02 AM, Matthew Czarnek wrote:
>
> It does seem like a good idea to be setting "profile-level-id" I could
> definitely see us using it.. is there an easy way to set that?
Once again, the “profile-level-id” comes automatically from the SPS NAL unit,
so you don’t need to
Thank you Ross, your information and the additional info from Camille Aimez is
the ticket to my needs.
Been running stress tests with a looping variant of the Live555MediaServer, and
am seriously impressed by Live555 all over again.
Blake Senftner
Sr. Software Scientist | CyberExtruder
bsenft
Thank you for the quick replies, Ross & Mathew.
>> Q1: Does anyone know of or have their own Live555 tutorial, blog or related
>> resource to learn this code base better? Any books?
>
>No. As described in our FAQ (which everyone is asked to read before posting
>to the mailing list :-), all
Thanks Ross, whoops, it was indeed my variable.. that's what I get for
naming it similar to how you name your variables :)
I didn't make any changes to that part of the code that parses the sprop,
then passes it into H264VideoRTPSink, so I'm not sure why that was
happening and it's weird that it s
Personally, though I haven't found wonderful through compiled
documentation(would be nice), Ross is extremely good at supporting the
project and I have been able to find answer to most problems I've
encountered by search google and finding a similar question Ross has
answered for someone else OR se
> On Jul 9, 2020, at 1:20 AM, Blake Senftner
> wrote:
>
> Q1: Does anyone know of or have their own Live555 tutorial, blog or related
> resource to learn this code base better? Any books?
No. As described in our FAQ (which everyone is asked to read before posting to
the mailing list :-),
Hello Live-Devel,
First off, I am extremely impressed by what I find in the Live555 source code.
Fantastic job and a standing ovation to the responsible.
I am an experienced C/C++ developer new to the Live555 code base. I work at a
video security software company as a senior developer.
Having