CVE-2019-6256
Publication date 14 January 2019
Last updated 25 August 2025
Ubuntu priority
Description
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.
From the Ubuntu Security Team
It was discovered that liveMedia incorrectly handled certain network sessions. An attacker could possibly use this issue to cause a denial of service.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| liblivemedia | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Fixed 2018.11.26-1
|
|
| 18.04 LTS bionic |
Fixed 2018.02.18-1ubuntu0.1~esm1
|
|
| 16.04 LTS xenial |
Fixed 2016.02.09-1ubuntu0.1~esm1
|
|
| 14.04 LTS trusty | Not in release |
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu Pro 30-day free trialSeverity score breakdown
| Parameter | Value |
|---|---|
| Base score |
9.8 · Critical
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-4853-1
- liveMedia vulnerabilities
- 15 March 2021