CVE-2026-1200
Received Received - Intake
Segmentation Fault in live555 `increaseBufferTo` Causes Memory Corruption

Publication date: 2026-02-18

Last updated on: 2026-02-18

Assigner: Fedora Project

Description
A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-02-18
EPSS Evaluated
2026-06-14
NVD
CVE-2026-1200
EUVD
EUVD-2026-7924
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
rgaufman live555 *
rgaufman live555 1.13
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-824 The product accesses or uses a pointer that has not been initialized.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1200 is a vulnerability in the rgaufman/live555 fork of the live555 streaming media library. It occurs in the function increaseBufferTo, where a segmentation fault can be triggered due to the use of uninitialized memory values. These uninitialized values come from both stack and heap allocations and cause conditional jumps or moves that lead to undefined behavior.

This flaw can cause the software to crash, lead to memory corruption, and potentially allow remote code execution. The issue affects several components related to RTSP streaming, including OnDemandServerMediaSubsession, RTSPServer::RTSPClientSession, and WAVAudioFileServerMediaSubsession.

Impact Analysis

This vulnerability can impact you by causing the live555 streaming media software to crash unexpectedly due to segmentation faults.

More seriously, it can lead to memory corruption, which might allow an attacker to execute arbitrary code remotely on the affected system.

Such impacts could disrupt streaming services, compromise system stability, and potentially lead to unauthorized access or control over the affected server.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring for segmentation faults or crashes in the live555 media streaming library, specifically related to the increaseBufferTo function.

Valgrind memory analysis tools can be used to detect uninitialized value usage that leads to this vulnerability.

  • Run Valgrind on the live555 server binary to check for conditional jumps or moves depending on uninitialized values, especially in functions like increaseBufferTo, OnDemandServerMediaSubsession::getStreamParameters, and WAVAudioFileServerMediaSubsession::createNew.
  • Use test programs such as testOnDemandRTSPServer with Valgrind or afl-net replay tools to reproduce the fault and detect the vulnerability.
  • Monitor system logs for segmentation faults or crashes related to live555 processes.
Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1200. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart