CVE-2021-28899: 
Linux Debian vulnerability analysis and mitigation

A vulnerability was discovered in Networks LIVE555 Streaming Media before version 2021.3.16, affecting the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsession subclasses. The vulnerability was disclosed on March 16, 2021, and assigned CVE-2021-28899. The issue affects RTSP server implementations using specific OnDemandServerMediaSubsession subclasses (Live555 Advisory).

The vulnerability received a CVSS v3.1 base score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The issue specifically impacts RTSP servers implementing certain OnDemandServerMediaSubsession subclasses, including AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsession. The DynamicRTSPServer code used by the LIVE555 Media Server is not affected by this vulnerability (NVD).

The vulnerability can lead to high availability impact on affected systems, as indicated by the CVSS metrics. The vulnerability affects the system's availability while having no direct impact on confidentiality or integrity (NVD).

Users are advised to upgrade to LIVE555 Streaming Media version 2021.03.16 or later. This is particularly important for implementations using the affected OnDemandServerMediaSubsession subclasses. Note that the DynamicRTSPServer code used by the LIVE555 Media Server is not vulnerable to this issue (Live555 Advisory).