{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1200", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2026-01-19T14:14:43.363Z", "datePublished": "2026-02-18T20:21:56.282Z", "dateUpdated": "2026-02-18T20:32:58.277Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/rgaufman/live555", "defaultStatus": "unaffected", "packageName": "rgaufman/live555", "product": "rgaufman/live555", "vendor": "https://github.com/rgaufman/live555", "versions": [{"lessThan": "*", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "value": "Red Hat would like to thank ChenYiFan Liu, Yu Liu, and Zhoufan Wen for reporting this issue."}], "datePublic": "2026-01-19T08:08:00.000Z", "descriptions": [{"lang": "en", "value": "A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences."}], "metrics": [{"other": {"content": {"namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-824", "description": "Access of Uninitialized Pointer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-02-18T20:24:24.795Z"}, "references": [{"tags": ["vdb-entry", "x_refsource_REDHAT"], "url": "https://access.redhat.com/security/cve/CVE-2026-1200"}, {"name": "RHBZ#2430836", "tags": ["issue-tracking", "x_refsource_REDHAT"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430836"}, {"url": "https://github.com/rgaufman/live555/issues/65"}], "timeline": [{"lang": "en", "time": "2026-01-19T14:11:56.712Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-01-19T08:08:00.000Z", "value": "Made public."}], "title": "Remote code execution via segmentation fault in increasebufferto function", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_generator": {"engine": "cvelib 1.8.0"}, "x_redhatCweChain": "CWE-824: Access of Uninitialized Pointer"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-18T20:32:41.911600Z", "id": "CVE-2026-1200", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T20:32:58.277Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1200", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-18T20:32:41.911600Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-18T20:32:48.643Z"}}], "cna": {"title": "Remote code execution via segmentation fault in increasebufferto function", "credits": [{"lang": "en", "value": "Red Hat would like to thank ChenYiFan Liu, Yu Liu, and Zhoufan Wen for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "https://github.com/rgaufman/live555", "product": "rgaufman/live555", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "semver"}], "packageName": "rgaufman/live555", "collectionURL": "https://github.com/rgaufman/live555", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-19T14:11:56.712Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-01-19T08:08:00.000Z", "value": "Made public."}], "datePublic": "2026-01-19T08:08:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-1200", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430836", "name": "RHBZ#2430836", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/rgaufman/live555/issues/65"}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-824", "description": "Access of Uninitialized Pointer"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-02-18T20:24:24.795Z"}, "x_redhatCweChain": "CWE-824: Access of Uninitialized Pointer"}}, "cveMetadata": {"cveId": "CVE-2026-1200", "state": "PUBLISHED", "dateUpdated": "2026-02-18T20:32:58.277Z", "dateReserved": "2026-01-19T14:14:43.363Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2026-02-18T20:21:56.282Z", "assignerShortName": "fedora"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences."}], "id": "CVE-2026-1200", "lastModified": "2026-02-18T21:16:23.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "patrick@puiterwijk.org", "type": "Secondary"}]}, "published": "2026-02-18T21:16:23.070", "references": [{"source": "patrick@puiterwijk.org", "url": "https://access.redhat.com/security/cve/CVE-2026-1200"}, {"source": "patrick@puiterwijk.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430836"}, {"source": "patrick@puiterwijk.org", "url": "https://github.com/rgaufman/live555/issues/65"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-824"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}

{"bugzilla": {"description": "live555: live555: Remote Code Execution via segmentation fault in increaseBufferTo function", "id": "2430836", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430836"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-824", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-1200", "public_date": "2026-01-19T08:08:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-1200\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-1200\nhttps://github.com/rgaufman/live555/issues/65"], "statement": "This vulnerability is rated Moderate for Red Hat products as it affects the `live555` library, which, when used in a server context, could lead to remote code execution due to a segmentation fault. Exploitation requires a service utilizing the vulnerable `increaseBufferTo` function to be exposed to an attacker.", "threat_severity": "Moderate"}