CVE-2025-65404 – A buffer overflow vulnerability in Live555 Stre... (How to Fix)

📋 TL;DR

A buffer overflow vulnerability in Live555 Streaming Media's getSideInfo2() function allows attackers to cause denial of service by sending specially crafted MP3 streams. This affects systems running vulnerable versions of Live555 that process MP3 streams. Organizations using Live555 for media streaming are potentially impacted.

💻 Affected Systems

Products:

Live555 Streaming Media

Versions: v2018.09.02 and potentially earlier versions

Operating Systems: All platforms running Live555

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems that process MP3 streams through Live555

📦 What is this software?

Streaming Media by Live555

View all CVEs affecting Streaming Media →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of Live555 streaming services, potentially affecting dependent applications and services.

🟠

Likely Case

Service crashes and temporary unavailability of media streaming functionality until service restart.

🟢

If Mitigated

Minimal impact with proper network segmentation and input validation controls in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending crafted MP3 streams to vulnerable service

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Monitor Live555 repository for security updates
2. Apply patch when available
3. Restart affected services

🔧 Temporary Workarounds

Network Filtering

linux

Block or filter MP3 streams at network perimeter

iptables -A INPUT -p tcp --dport [Live555_port] -m string --string "MP3" --algo bm -j DROP

Input Validation

all

Implement proxy or middleware to validate MP3 streams before Live555 processing

🧯 If You Can't Patch

Implement network segmentation to isolate Live555 services
Deploy intrusion detection/prevention systems to monitor for crafted MP3 streams

🔍 How to Verify

Check if Vulnerable:

Check Live555 version and verify if it processes MP3 streams

Check Version:

Check Live555 source code or binary for version information

Verify Fix Applied:

Test with crafted MP3 streams after applying mitigation controls

📡 Detection & Monitoring

Log Indicators:

Live555 service crashes
Abnormal termination logs
Memory access violation errors

Network Indicators:

Unusual MP3 stream patterns
Multiple connection attempts with MP3 data

SIEM Query:

source="live555" AND (event="crash" OR event="segfault")

📊 Metadata

CVE ID: CVE-2025-65404

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE: CWE-120

EPSS Score: 0.06% exploit probability (18.4th percentile)

Published: December 1, 2025

Last Updated: December 23, 2025

🔗 References

https://github.com/rgaufman/live555 Product
https://shimo.im/docs/16q8xMxpPlH8Z2q7 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-65404, you might also want to check these: