|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-08-18 | |
| Rule Name: | FFmpeg Arbitrary File Read Vulnerability (CVE-2016-1897) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | SecurityFocusBID:80501 http://habrahabr.ru/company/mailru/blog/274855 http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html http://security.stackexchange.com/questions/110644 |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: http://ffmpeg.org/ |