Description
A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences.
Published: 2026-02-18
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Assess Impact
AI Analysis

Impact

A flaw in the rgaufman/live555—an open‑source fork of the Live555 media streaming library—allows a remote attacker to trigger a segmentation fault in the increaseBufferTo function. The resulting memory corruption may enable arbitrary code execution or other unintended behavior. The weakness is classified as CWE‑824 and presents moderate risk, with a CVSS score of 6.3 that reflects potential impacts on confidentiality, integrity, and availability if fully exploited.

Affected Systems

The affected product is the rgaufman/live555 fork of Live555. No specific version identifiers are provided in the CNA data, so any installation of this repository that has not been updated to a fixed version is potentially vulnerable.

Risk and Exploitability

With a CVSS score of 6.3 and an EPSS value of less than 1 %, the likelihood of exploitation is low, and it is not currently documented in CISA’s KEV catalog. However, the vulnerability can be triggered by remote input that reaches the damaged code path, so a network‑based attacker could send crafted packets to the media server component. No official patch or workaround is available, and the CNA indicates that mitigations do not meet Red Hat’s deployment criteria. The only realistic defence currently is to prevent the vulnerable code from receiving untrusted data or to apply a vendor‑generated patch once it becomes available.

Generated by OpenCVE AI on April 17, 2026 at 18:30 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

OpenCVE Recommended Actions

  • Apply any vendor‑supplied patch for rgaufman/live555 as soon as it is released.
  • If a patch is not yet available, limit exposure by restricting network access to services that use the Live555 fork to trusted networks or hosts.
  • Consider enabling memory protection mechanisms such as ASLR, stack canaries, and address‑space layout randomization on the host to reduce the likelihood of successful exploitation.
  • Monitor vendor advisories and update the application when the issue is remediated.

Generated by OpenCVE AI on April 17, 2026 at 18:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Feb 2026 20:45:00 +0000

Type Values Removed Values Added
Title Live555: live555: remote code execution via segmentation fault in increasebufferto function Remote code execution via segmentation fault in increasebufferto function

Wed, 18 Feb 2026 20:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences.
Title live555: live555: Remote Code Execution via segmentation fault in increaseBufferTo function Live555: live555: remote code execution via segmentation fault in increasebufferto function
References

Tue, 20 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title live555: live555: Remote Code Execution via segmentation fault in increaseBufferTo function
Weaknesses CWE-824
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

threat_severity

Moderate

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: fedora

Published:

Updated: 2026-02-18T20:32:58.277Z

Reserved: 2026-01-19T14:14:43.363Z

Link: CVE-2026-1200

cve-icon Vulnrichment

Updated: 2026-02-18T20:32:48.643Z

cve-icon NVD

Status : Deferred

Published: 2026-02-18T21:16:23.070

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1200

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-01-19T08:08:00Z

Links: CVE-2026-1200 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T18:45:25Z

Weaknesses