Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArch LinuxASA-201601-17
HistoryJan 17, 2016 - 12:00 a.m.

ffmpeg: information leakage

2016-01-1700:00:00
Arch Linux
lists.archlinux.org
22

0.005 Low

EPSS

Percentile

77.2%

JSON

A vulnerability in the way FFmpeg handles the concat (CVE-2016-1897) and
subfile (CVE-2016-1898) protocols in a HTTP Live Streaming (HLS) M3U8
file allows a remote attacker to conduct a cross-origin attacks, and to
access arbitrary local files on the vulnerable host. The attack uses a
crafted M3U8 file to make FFmpeg send a HTTP request to an external
server, with the URL containing data from arbitrary local files.

OSVersionArchitecturePackageVersionFilename
anyanyanyffmpeg<Β 1:2.8.4-3UNKNOWN

Related

freebsd 1
seebug 1
nessus 7
suse 1
hackerone 1
slackware 1
cert 1
f5 2
openvas 6
debian 1
osv 1
mageia 1
ubuntucve 2
nvd 2
cvelist 2
prion 2
cve 2
debiancve 2
gentoo 2
ubuntu 1
freebsd
freebsd
ffmpeg -- remote attacker can access local files
2016-01-13 00:00:00
seebug
seebug
FFmpeg 2.xη‰ˆζœ¬ζœεŠ‘ε™¨η«―θ―·ζ±‚δΌͺι€ ζΌζ΄ž
2016-05-06 00:00:00
nessus
nessus
FreeBSD : ffmpeg -- remote attacker can access local files (046fedd1-bd01-11e5-bbf4-5404a68ad561)
2016-01-19 00:00:00
openSUSE Security Update : ffmpeg (openSUSE-2016-94)
2016-01-27 00:00:00
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : MPlayer (SSA:2016-034-02)
2016-02-04 00:00:00
suse
suse
Security update for ffmpeg (important)
2016-01-25 22:11:11
hackerone
hackerone
Pornhub: [ssrf] libav vulnerable during conversion of uploaded videos
2016-01-17 15:36:02
slackware
slackware
[slackware-security] MPlayer
2016-02-04 00:05:34
cert
cert
ffmpeg and Libav cross-domain information disclosure vulnerability
2016-01-20 00:00:00
f5
f5
SOL03202240 - FFmpeg vulnerabilities CVE-2016-1897 and CVE-2016-1898
2016-02-08 00:00:00
K03202240 : FFmpeg vulnerabilities CVE-2016-1897 and CVE-2016-1898
2016-02-08 00:00:00
openvas
openvas
openSUSE: Security Advisory for ffmpeg (openSUSE-SU-2016:0243-1)
2016-02-02 00:00:00
Slackware: Security Advisory (SSA:2016-034-02)
2022-04-21 00:00:00
Mageia: Security Advisory (MGASA-2016-0060)
2016-02-11 00:00:00
debian
debian
[SECURITY] [DSA 3506-1] libav security update
2016-03-04 20:44:32
osv
osv
libav - security update
2016-03-04 00:00:00
mageia
mageia
Updated ffmpeg packages fix security vulnerabilities
2016-02-09 22:05:34
ubuntucve
ubuntucve
CVE-2016-1898
2016-01-14 00:00:00
CVE-2016-1897
2016-01-14 00:00:00
nvd
nvd
CVE-2016-1898
2016-01-15 03:59:23
CVE-2016-1897
2016-01-15 03:59:23
cvelist
cvelist
CVE-2016-1898
2016-01-15 02:00:00
CVE-2016-1897
2016-01-15 02:00:00
prion
prion
Xxe
2016-01-15 03:59:00
Xxe
2016-01-15 03:59:00
cve
cve
CVE-2016-1898
2016-01-15 03:59:23
CVE-2016-1897
2016-01-15 03:59:23
debiancve
debiancve
CVE-2016-1898
2016-01-15 03:59:23
CVE-2016-1897
2016-01-15 03:59:23
gentoo
gentoo
libav: Multiple vulnerabilities
2017-05-09 00:00:00
FFmpeg: Multiple vulnerabilities
2016-06-18 00:00:00
ubuntu
ubuntu
Libav vulnerabilities
2016-04-04 00:00:00

0.005 Low

EPSS

Percentile

77.2%

JSON
Related for ASA-201601-17
freebsd1seebug1nessus7suse1hackerone1slackware1cert1f52openvas6debian1osv1mageia1ubuntucve2nvd2cvelist2prion2cve2debiancve2gentoo2ubuntu1