CVE-2026-1200
Segmentation Fault in live555 `increaseBufferTo` Causes Memory Corruption
Publication date: 2026-02-18
Last updated on: 2026-02-18
Assigner: Fedora Project
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rgaufman | live555 | * |
| rgaufman | live555 | 1.13 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-824 | The product accesses or uses a pointer that has not been initialized. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1200 is a vulnerability in the rgaufman/live555 fork of the live555 streaming media library. It occurs in the function increaseBufferTo, where a segmentation fault can be triggered due to the use of uninitialized memory values. These uninitialized values come from both stack and heap allocations and cause conditional jumps or moves that lead to undefined behavior.
This flaw can cause the software to crash, lead to memory corruption, and potentially allow remote code execution. The issue affects several components related to RTSP streaming, including OnDemandServerMediaSubsession, RTSPServer::RTSPClientSession, and WAVAudioFileServerMediaSubsession.
How can this vulnerability impact me?
This vulnerability can impact you by causing the live555 streaming media software to crash unexpectedly due to segmentation faults.
More seriously, it can lead to memory corruption, which might allow an attacker to execute arbitrary code remotely on the affected system.
Such impacts could disrupt streaming services, compromise system stability, and potentially lead to unauthorized access or control over the affected server.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for segmentation faults or crashes in the live555 media streaming library, specifically related to the increaseBufferTo function.
Valgrind memory analysis tools can be used to detect uninitialized value usage that leads to this vulnerability.
- Run Valgrind on the live555 server binary to check for conditional jumps or moves depending on uninitialized values, especially in functions like increaseBufferTo, OnDemandServerMediaSubsession::getStreamParameters, and WAVAudioFileServerMediaSubsession::createNew.
- Use test programs such as testOnDemandRTSPServer with Valgrind or afl-net replay tools to reproduce the fault and detect the vulnerability.
- Monitor system logs for segmentation faults or crashes related to live555 processes.
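One way to triage the Valgrind output from the steps above, as an added example that is not part of the original page or of live555: it scans a Memcheck text log (for instance one written with `--track-origins=yes --log-file=...`) for uninitialised-value and SIGSEGV reports whose stack frames contain the functions named above. The function names come from this page; the sample log, including its PID, addresses and paths, is constructed.

```python
import re

# Functions the page names as places to look; matched as substrings of frames.
WATCHED = ("increaseBufferTo",
           "OnDemandServerMediaSubsession::getStreamParameters",
           "WAVAudioFileServerMediaSubsession::createNew")
PREFIX = re.compile(r"^==\d+== ?(.*)$")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: ")
ORIGIN = re.compile(r"Uninitialised value was created by a (heap|stack) allocation")

def error_blocks(log_text):
    """Yield Valgrind error blocks; an empty '==PID==' line ends a block."""
    block = []
    for raw in log_text.splitlines() + ["==0=="]:  # sentinel flushes the last block
        m = PREFIX.match(raw)  # None for server output mixed into the log
        if m and m.group(1).strip():
            block.append(m.group(1))
        elif m and block:
            yield block
            block = []

def triage(log_text):
    """Report uninitialised-use and SIGSEGV blocks whose frames (use site or
    allocation-origin stack) contain a WATCHED function."""
    findings = []
    for block in error_blocks(log_text):
        kind = ("uninitialised-use" if "uninitialised value(s)" in block[0] else
                "segfault" if "signal 11 (SIGSEGV)" in block[0] else None)
        frames = [line for line in block if FRAME.match(line)]
        hits = [f for f in WATCHED if any(f in fr for fr in frames)]
        origin = next((m.group(1) for m in map(ORIGIN.search, block) if m), None)
        if kind and hits:
            findings.append({"kind": kind, "functions": hits, "origin": origin})
    return findings

# Constructed sample log: PID, addresses and paths are made up for illustration.
SAMPLE_LOG = """\
==4242== Conditional jump or move depends on uninitialised value(s)
==4242==    at 0x10A1F0: increaseBufferTo (in ./testOnDemandRTSPServer)
==4242==  Uninitialised value was created by a stack allocation
==4242==    at 0x10B2C4: OnDemandServerMediaSubsession::getStreamParameters (in ./testOnDemandRTSPServer)
==4242==
==4242== Invalid read of size 4
==4242==    at 0x10C000: main (in ./testOnDemandRTSPServer)
==4242==
==4242== Process terminating with default action of signal 11 (SIGSEGV)
==4242==    at 0x10A1F0: increaseBufferTo (in ./testOnDemandRTSPServer)
"""
```

Calling `triage()` on the text of a real log file returns one entry per matching report; the `origin` field records whether Valgrind traced the uninitialised value to a heap or a stack allocation.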
What immediate steps should I take to mitigate this vulnerability?
I don't know