Filtered by vendor Zlmediakit
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-35203 | 1 Zlmediakit | 1 Zlmediakit | 2026-04-16 | N/A | 7.5 HIGH |
| ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload (0xFF, all flags set) causes the parser to read past the end of the allocated buffer, resulting in a heap-buffer-overflow. This vulnerability is fixed with commit 435dcbcbbf700fd63b2ca9eac6cef3b5ea75169d. | |||||
| CVE-2023-31861 | 1 Zlmediakit | 1 Zlmediakit | 2025-01-16 | N/A | 7.5 HIGH |
| ZLMediaKit 4.0 is vulnerable to Directory Traversal. | |||||
| CVE-2023-39067 | 1 Zlmediakit | 1 Zlmediakit | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allows an attacker to execute arbitrary code via a crafted script to the URL. | |||||
| CVE-2022-37237 | 1 Zlmediakit | 1 Zlmediakit | 2024-11-21 | N/A | 7.5 HIGH |
| An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327. | |||||