Highlights
Denial of Service: 5 prior fixes. Scrutinize any change in this area.
liveMedia/RTSPServer.cpp: most-fixed (2 issues). Treat as high-risk during review.
4 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns
The bug types that recur here, drawn from past fixes, not open vulnerabilities.
Auth Bypass: Session-hijacking via commands such as PLAY, PAUSE, and TEARDOWN is possible if authentication checks are not uniformly applied. Developers must guarantee that all state-modifying RTSP commands are gated strictly by authentication validation functions.
Path Traversal: The HTTP command parsing path is susceptible to directory traversal and unauthorized file access if input paths are not sanitized. Canonicalization and validation are required to prevent path escapes and handle null bytes.
Denial of Service: Socket descriptors exceeding FD_SETSIZE can trigger out-of-bounds stack writes in FD_SET/FD_CLR macros. Strict descriptor bounds-checking is necessary before registering network events in the scheduler.