Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/06/16 9:13 p.m.10 views

yt-dlp: Arbitrary code execution via manifest downloads with aria2c

Summary If aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windows platforms, this can lead to immediate arbitrary code...

9.6CVSS6.2AI score0.00406EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/11 2:28 p.m.15 views

External Control of File Name or Path

Overview streamlink is a Streamlink is a command-line utility that extracts streams from various services and pipes them into a video player of choice. Affected versions of this package are vulnerable to External Control of File Name or Path via the parsing process for HLS and DASH playlists or...

7.1CVSS6AI score0.00345EPSS
Exploits1References2
NVD
NVD
added 2025/10/06 8:15 a.m.6 views

CVE-2025-59728

When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below 0, it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is...

8.7CVSS0.00168EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/07/07 12:0 a.m.6 views

The vulnerability of the gf_dash_group_get_audio_channels() function (media_tools/dash_client.c) in the MP4Box utility of the GPAC multimedia platform allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the gfdashgroupgetaudiochannels function mediatools/dashclient.c in the MP4Box utility of the GPAC multimedia platform is related to the pointer manipulation during the processing of DASH manifests. Exploiting this vulnerability could allow an attacker to execute arbitrary co...

5.5CVSS6AI score
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/07/07 12:0 a.m.6 views

The vulnerability of the gf_dash_group_get_audio_channels() function (media_tools/dash_client.c) in the MP4Box utility of the GPAC multimedia platform allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the gfdashgroupgetaudiochannels function mediatools/dashclient.c in the MP4Box utility of the GPAC multimedia platform is related to the pointer manipulation during the processing of DASH manifests. Exploiting this vulnerability could allow an attacker to execute arbitrary co...

5.5CVSS6AI score
Exploits0References2Affected Software2
Rows per page
Query Builder