Arch Linux ASA-201601-17
Jan 17, 2016 - 12:00 a.m.

ffmpeg: information leakage

lists.archlinux.org

EPSS: 0.005 (Low), percentile 77.2%

A vulnerability in the way FFmpeg handles the concat (CVE-2016-1897) and
subfile (CVE-2016-1898) protocols in an HTTP Live Streaming (HLS) M3U8
file allows a remote attacker to conduct cross-origin attacks and to
access arbitrary local files on the vulnerable host. The attack uses a
crafted M3U8 file to make FFmpeg send an HTTP request to an external
server, with the URL containing data from arbitrary local files.
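
A defensive pre-check for untrusted playlists, added here as an example (it is not part of the advisory or of FFmpeg): it flags M3U8 entries that name the concat or subfile protocols before the file reaches an unpatched FFmpeg. The function names, the constructed sample playlist and the simplified protocol-name parsing are assumptions.

```python
import re

# Protocols named in the advisory (CVE-2016-1897, CVE-2016-1898).
FLAGGED = {"concat", "subfile"}
# Simplification (assumption): a protocol name ends at ':' or, because
# subfile takes its options after a comma, at ','.
SCHEME_RE = re.compile(r"^([A-Za-z0-9+.\-]+)[:,]")
# URIs can also sit in tag attributes such as #EXT-X-KEY or #EXT-X-MAP.
URI_ATTR_RE = re.compile(r'URI="([^"]*)"')

def flagged_protocols(uri):
    """Return the flagged protocol names a URI uses, outermost first."""
    m = SCHEME_RE.match(uri)
    if not m or m.group(1).lower() not in FLAGGED:
        return []
    name = m.group(1).lower()
    found = [name]
    if name == "concat":
        # concat joins several inputs with '|'; each one may nest a protocol.
        for part in uri[m.end():].split("|"):
            found += flagged_protocols(part)
    return found

def uris_in_line(line):
    """Return the URIs on one playlist line: tag attributes or a bare entry."""
    line = line.strip()
    if not line:
        return []
    return URI_ATTR_RE.findall(line) if line.startswith("#") else [line]

def scan_playlist(text):
    """Return [(line_number, [protocols])] for every suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for uri in uris_in_line(line):
            hits = flagged_protocols(uri)
            if hits:
                findings.append((lineno, hits))
    return findings

# Constructed sample playlist; paths and host are placeholders.
SAMPLE = """#EXTM3U
#EXT-X-MEDIA-SEQUENCE:0
#EXTINF:10.0,
https://media.example/seg0.ts
#EXTINF:10.0,
concat:part0.ts|subfile,,start,0,end,16,,:part1.ts
#EXT-X-KEY:METHOD=AES-128,URI="subfile,,start,0,end,16,,:key.bin"
#EXT-X-ENDLIST
"""
```

Rejecting flagged playlists at ingest complements upgrading to the fixed package; it does not replace it.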

OS    OS Version    Architecture    Package    Package Version    Filename
any   any           any             ffmpeg     < 1:2.8.4-3        UNKNOWN