ZLMediaKit Security Vulnerabilities

ZLMediaKit is a streaming media service framework. The VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload (0xFF, all flags set) causes the parser to read past the end of the allocated buffer, resulting in a heap-buffer-overflow. This vulnerability is fixed with commit 435dcbcbbf700fd63b2ca9eac6cef3b5ea75169d.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2026-04-06

Cross-Site Scripting vulnerability in ZLMediaKit v.4.0 and v.5.0 allows an attacker to execute arbitrary code via a crafted script in the URL.
CVSS Score: 6.1
EPSS Score: 0.001
Published: 2023-09-11

ZLMediaKit 4.0 is vulnerable to Directory Traversal.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2023-05-25

An attacker can send malicious RTMP requests to crash the ZLMediaKit server remotely. Affected versions are those below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2022-08-30

