CVE-2025-65408
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-01

Last updated on: 2025-12-02

Assigner: MITRE

Description
A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-01
Last Modified
2025-12-02
Generated
2026-06-16
AI Q&A
2025-12-01
EPSS Evaluated
2026-06-15
NVD
CVE-2025-65408
EUVD
EUVD-2025-200068
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
live555 streaming_media 2018.09.02
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02. It occurs when an attacker supplies a specially crafted ADTS file, which causes the software to attempt to access a NULL pointer, leading to a crash or Denial of Service (DoS).

Impact Analysis

The vulnerability can cause a Denial of Service (DoS) condition, meaning that the affected Live555 Streaming Media service could crash or become unavailable when processing a maliciously crafted ADTS file. This could disrupt streaming media services relying on this software.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65408. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart