user/rtmpdump: multiple vulnerabilities
Bugzilla ID | 175 |
Alias(es) | CVE-2015-8270, CVE-2015-8271, CVE-2015-8272 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-08-06 12:54:58 -0500 |
Modified | 2019-09-30 12:11:16 -0500 |
Status | RESOLVED INVALID |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Description
CVE-2015-8270: https://nvd.nist.gov/vuln/detail/CVE-2015-8270
The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote
RTMP Media servers to cause a denial of service (invalid pointer
dereference and process crash).
CVE-2015-8271: https://nvd.nist.gov/vuln/detail/CVE-2015-8271
The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote
RTMP Media servers to execute arbitrary code.
CVE-2015-8272: https://nvd.nist.gov/vuln/detail/CVE-2015-8272
RTMPDump 2.4 allows remote attackers to trigger a denial of service
(NULL pointer dereference and process crash).