CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

SUSE CVE•added 2023/02/15 5:7 a.m.•4 views

SUSE CVE-2016-1898

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming HLS M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file...

5.5CVSS8.7AI score0.27831EPSS

Exploits2References4

Hacker One•added 2016/02/11 10:23 a.m.•557 views

Imgur: SSRF and local file read in video to gif converter

Video to gif converter on http://imgur.com/vidgif uses Lavf/55.48.100 with network options enabled. It makes possible SSRF by uploading specially crafted playlist. For example we can use mp4 file http://yngwie.ru/1.mp4 EXTM3U EXT-X-MEDIA-SEQUENCE:0 EXTINF:10.0, http://yngwie.ru/2.mp4 EXT-X-ENDLIS...

0.4AI score

Exploits0

ArchLinux•added 2016/01/17 12:0 a.m.•45 views

ffmpeg: information leakage

A vulnerability in the way FFmpeg handles the concat CVE-2016-1897 and subfile CVE-2016-1898 protocols in a HTTP Live Streaming HLS M3U8 file allows a remote attacker to conduct a cross-origin attacks, and to access arbitrary local files on the vulnerable host. The attack uses a crafted M3U8 file...

4.3CVSS1.7AI score0.52104EPSS

Exploits3References4

Prion•added 2016/01/15 3:59 a.m.•22 views

Xxe

4.3CVSS6.8AI score0.27831EPSS

Exploits2References11Affected Software3

CVE•added 2016/01/15 2:0 a.m.•88 views

CVE-2016-1898

CVE-2016-1898 affects FFmpeg 2.x (and Libav fork) where processing an HLS M3U8 playlist can cause an external HTTP request whose URL contains a line from a local file, enabling cross-origin information disclosure. The vulnerability is triggered by the subfile protocol in M3U8 (and the related con...

5.5CVSS5.5AI score0.27831EPSS

Exploits2References11Affected Software1