A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.

http://lists.live555.com/pipermail/live-devel/2023-June/022331.html

http://www.live555.com/liveMedia/public/changelog.txt
Created live555 tracking bugs for this issue:

Affects: fedora-all [bug 2258055]
We never had a vulnerable version in Fedora or EPEL. 2023.06.20 was imported and this was fixed in 2023.06.14:

http://lists.live555.com/pipermail/live-devel/2023-June/022332.html

http://www.live555.com/liveMedia/public/changelog.txt
...
2023.06.14:
- Fixed a bug in the Matroska file parsing code that could sometimes cause a 'use after free' error. (Thanks to Meng Ruijie, Martin Mirchev, and "jerry testing" for reporting this.)
In reply to comment #2:
> We never had a vulnerable version in Fedora or EPEL. 2023.06.20 was imported
> and this was fixed in 2023.06.14:
>
> http://lists.live555.com/pipermail/live-devel/2023-June/022332.html
>
> http://www.live555.com/liveMedia/public/changelog.txt
> ...
> 2023.06.14:
> - Fixed a bug in the Matroska file parsing code that could sometimes cause a
> 'use after free'
> error. (Thanks to Meng Ruijie, Martin Mirchev, and "jerry testing" for
> reporting this.)

Hey Dominik,

Thanks for letting me know.