LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in parse_transport_header in RTSP_setup.c, as demonstrated by a Transport header that contains only a "RTP/AVP;unicast;client_port" sequence; or (2) a malformed Range header, which triggers misparsing in parse_play_time_range in RTSP_Play, as demonstrated by an empty Range header.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-01-04T00:00:00

Updated: 2024-08-07T16:11:06.136Z

Reserved: 2008-01-03T00:00:00

Link: CVE-2007-6628

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2008-01-04T00:46:00.000

Modified: 2024-11-21T00:40:38.157

Link: CVE-2007-6628

cve-icon Redhat

No data.