5 matches found
yt-dlp: Arbitrary code execution via manifest downloads with aria2c
Summary If aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windows platforms, this can lead to immediate arbitrary code...
External Control of File Name or Path
Overview streamlink is a Streamlink is a command-line utility that extracts streams from various services and pipes them into a video player of choice. Affected versions of this package are vulnerable to External Control of File Name or Path via the parsing process for HLS and DASH playlists or...
CVE-2025-59728
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below 0, it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is...
The vulnerability of the gf_dash_group_get_audio_channels() function (media_tools/dash_client.c) in the MP4Box utility of the GPAC multimedia platform allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the gfdashgroupgetaudiochannels function mediatools/dashclient.c in the MP4Box utility of the GPAC multimedia platform is related to the pointer manipulation during the processing of DASH manifests. Exploiting this vulnerability could allow an attacker to execute arbitrary co...
The vulnerability of the gf_dash_group_get_audio_channels() function (media_tools/dash_client.c) in the MP4Box utility of the GPAC multimedia platform allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the gfdashgroupgetaudiochannels function mediatools/dashclient.c in the MP4Box utility of the GPAC multimedia platform is related to the pointer manipulation during the processing of DASH manifests. Exploiting this vulnerability could allow an attacker to execute arbitrary co...