Back to search
CVE-2016-1898
Published: Jan 15, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
openSUSE-SU-2016:0243
vendor-advisory
x_refsource_SUSE
1034932
vdb-entry
x_refsource_SECTRACK
GLSA-201705-08
vendor-advisory
x_refsource_GENTOO
80501
vdb-entry
x_refsource_BID
USN-2944-1
vendor-advisory
x_refsource_UBUNTU
[oss-security] 20160114 Re: Fwd: FFmpeg: stealing local files with HLS+concat
mailing-list
x_refsource_MLIST
SSA:2016-034-02
vendor-advisory
x_refsource_SLACKWARE
DSA-3506
vendor-advisory
x_refsource_DEBIAN
http://habrahabr.ru/company/mailru/blog/274855
x_refsource_MISC
GLSA-201606-09
vendor-advisory
x_refsource_GENTOO
VU#772447
third-party-advisory
x_refsource_CERT-VN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now