Debian Linux Security Advisory 4202-1 - OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap based buffer when parsing invalid headers in an RTSP response.
90a8bd88a40752bf5d9068f391d79df7a3cd320bafb58ab2092469b30f208678