11 matches found
SUSE CVE-2016-1898
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming HLS M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file...
FFmpeg 2.x版本服务器端请求伪造漏洞
详情来源 :ffmpeg SSRF漏洞分析 ffmpeg得反应很快,1月16日就发布了修复版本。 漏洞影响 如果ffmpeg解析了一个恶意的文件,会导致本地的文件信息泄露。受影响的出了ctf中这个在线视频格式转换的服务外,如果是采用ffmpeg了客户端如果可以输入恶意文件也会造成本地文件信息泄露。 漏洞分析 change log中提到了两个CVE CVE-2016-1897和CVE-2016-1898。 CVE-2016-1897 FFmpeg 2.x版本允许攻击者通过服务器端请求伪造SSRF:Server-Side Request Forgery...
[SECURITY] [DSA 3506-1] libav security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3506-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 04, 2016 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3506-1 (libav - security update)
Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. OpenVAS Vulnerability Test $Id: deb3506.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3506-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks...
Updated ffmpeg packages fix security vulnerabilities
Updated ffmpeg packages fix security vulnerabilities: FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming HLS M3U8 file, leading to an external HTTP request in which the URL string contains the first li...
openSUSE: Security Advisory for ffmpeg (openSUSE-SU-2016:0243-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ffmpeg and Libav cross-domain information disclosure vulnerability
Overview ffmpeg is a "cross-platform solution to record, convert and stream audio and video". ffmpeg is vulnerable to local file disclosure due to improper enforcement of domain restrictions when processing playlist files. Description CWE-201: Information Exposure Through Sent Data- CVE-2016-1897...
CVE-2016-1898
CVE-2016-1898 affects FFmpeg 2.x (and Libav fork) where processing an HLS M3U8 playlist can cause an external HTTP request whose URL contains a line from a local file, enabling cross-origin information disclosure. The vulnerability is triggered by the subfile protocol in M3U8 (and the related con...
CVE-2016-1898
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming HLS M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file...
CVE-2016-1898
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming HLS M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file...
CVE-2016-1898
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming HLS M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file...