CVE-2021-38380

7.5 HIGH

Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read

Published: 2021-08-10 · Last updated: 2026-06-17

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-125

Affected products

Vendor	Product
live555	live555

Description

Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack.

Source: NVD

References

Related CVEs

Same vendor

CVE-2021-39283 — liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands (5.5 MEDIUM)
CVE-2021-39282 — Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files (7.5 HIGH)
CVE-2021-38382 — Live555 through 1.08 does not handle Matroska and Ogg files properly (6.5 MEDIUM)
CVE-2021-38381 — Live555 through 1.08 does not handle MPEG-1 or 2 files properly (6.5 MEDIUM)

Same CWE

CVE-2026-4367 — A flaw was found in libXpm (5.5 MEDIUM)
CVE-2026-47963 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47934 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47927 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47748 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (5.5 MEDIUM)