{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1200", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2026-01-19T14:14:43.363Z", "datePublished": "2026-02-18T20:21:56.282Z", "dateUpdated": "2026-02-18T20:32:58.277Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/rgaufman/live555", "defaultStatus": "unaffected", "packageName": "rgaufman/live555", "product": "rgaufman/live555", "vendor": "https://github.com/rgaufman/live555", "versions": [{"lessThan": "*", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "value": "Red Hat would like to thank ChenYiFan Liu, Yu Liu, and Zhoufan Wen for reporting this issue."}], "datePublic": "2026-01-19T08:08:00.000Z", "descriptions": [{"lang": "en", "value": "A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences."}], "metrics": [{"other": {"content": {"namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-824", "description": "Access of Uninitialized Pointer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-02-18T20:24:24.795Z"}, "references": [{"tags": ["vdb-entry", "x_refsource_REDHAT"], "url": "https://access.redhat.com/security/cve/CVE-2026-1200"}, {"name": "RHBZ#2430836", "tags": ["issue-tracking", "x_refsource_REDHAT"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430836"}, {"url": "https://github.com/rgaufman/live555/issues/65"}], "timeline": [{"lang": "en", "time": "2026-01-19T14:11:56.712Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-01-19T08:08:00.000Z", "value": "Made public."}], "title": "Remote code execution via segmentation fault in increasebufferto function", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_generator": {"engine": "cvelib 1.8.0"}, "x_redhatCweChain": "CWE-824: Access of Uninitialized Pointer"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-18T20:32:41.911600Z", "id": "CVE-2026-1200", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T20:32:58.277Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1200", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-18T20:32:41.911600Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T20:32:48.643Z"}}], "cna": {"title": "Remote code execution via segmentation fault in increasebufferto function", "credits": [{"lang": "en", "value": "Red Hat would like to thank ChenYiFan Liu, Yu Liu, and Zhoufan Wen for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "https://github.com/rgaufman/live555", "product": "rgaufman/live555", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "semver"}], "packageName": "rgaufman/live555", "collectionURL": "https://github.com/rgaufman/live555", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-19T14:11:56.712Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-01-19T08:08:00.000Z", "value": "Made public."}], "datePublic": "2026-01-19T08:08:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-1200", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430836", "name": "RHBZ#2430836", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/rgaufman/live555/issues/65"}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-824", "description": "Access of Uninitialized Pointer"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-02-18T20:24:24.795Z"}, "x_redhatCweChain": "CWE-824: Access of Uninitialized Pointer"}}, "cveMetadata": {"cveId": "CVE-2026-1200", "state": "PUBLISHED", "dateUpdated": "2026-02-18T20:32:58.277Z", "dateReserved": "2026-01-19T14:14:43.363Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2026-02-18T20:21:56.282Z", "assignerShortName": "fedora"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences."}, {"lang": "es", "value": "Se encontr\u00f3 un error en el fork rgaufman/live555 de live555. Un atacante remoto podr\u00eda explotar un fallo de segmentaci\u00f3n en la funci\u00f3n 'increaseBufferTo'. Esta vulnerabilidad puede provocar problemas de corrupci\u00f3n de memoria y potencialmente otras consecuencias."}], "id": "CVE-2026-1200", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "patrick@puiterwijk.org", "type": "Secondary"}]}, "published": "2026-02-18T21:16:23.070", "references": [{"source": "patrick@puiterwijk.org", "url": "https://access.redhat.com/security/cve/CVE-2026-1200"}, {"source": "patrick@puiterwijk.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430836"}, {"source": "patrick@puiterwijk.org", "url": "https://github.com/rgaufman/live555/issues/65"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-824"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}

{"bugzilla": {"description": "live555: live555: Remote Code Execution via segmentation fault in increaseBufferTo function", "id": "2430836", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430836"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-824", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-1200", "public_date": "2026-01-19T08:08:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-1200\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-1200\nhttps://github.com/rgaufman/live555/issues/65"], "statement": "This vulnerability is rated Moderate for Red Hat products as it affects the `live555` library, which, when used in a server context, could lead to remote code execution due to a segmentation fault. Exploitation requires a service utilizing the vulnerable `increaseBufferTo` function to be exposed to an attacker.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-17T18:30:43.521108+00:00", "value": {"mitigation_remediation": ["Apply any vendor\u2011supplied patch for rgaufman/live555 as soon as it is released.", "If a patch is not yet available, limit exposure by restricting network access to services that use the Live555 fork to trusted networks or hosts.", "Consider enabling memory protection mechanisms such as ASLR, stack canaries, and address\u2011space layout randomization on the host to reduce the likelihood of successful exploitation.", "Monitor vendor advisories and update the application when the issue is remediated."], "summary": {"action": "Assess Impact", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is the rgaufman/live555 fork of Live555. No specific version identifiers are provided in the CNA data, so any installation of this repository that has not been updated to a fixed version is potentially vulnerable.", "description_and_impact": "A flaw in the rgaufman/live555\u2014an open\u2011source fork of the Live555 media streaming library\u2014allows a remote attacker to trigger a segmentation fault in the increaseBufferTo function. The resulting memory corruption may enable arbitrary code execution or other unintended behavior. The weakness is classified as CWE\u2011824 and presents moderate risk, with a CVSS score of 6.3 that reflects potential impacts on confidentiality, integrity, and availability if fully exploited.", "risk_and_exploitability": "With a CVSS score of 6.3 and an EPSS value of less than 1\u202f%, the likelihood of exploitation is low, and it is not currently documented in CISA\u2019s KEV catalog. However, the vulnerability can be triggered by remote input that reaches the damaged code path, so a network\u2011based attacker could send crafted packets to the media server component. No official patch or workaround is available, and the CNA indicates that mitigations do not meet Red\u202fHat\u2019s deployment criteria. The only realistic defence currently is to prevent the vulnerable code from receiving untrusted data or to apply a vendor\u2011generated patch once it becomes available."}}}}, "created": "2026-04-17T18:45:25.535386+00:00", "updated": "2026-04-17T18:45:25.535399+00:00", "vendors": []}