Описание
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ffmpeg | fixed | 7:7.1.1-1 | package | |
| ffmpeg | postponed | bookworm | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=2334336
Fixed by: https://github.com/FFmpeg/FFmpeg/commit/4c96d6bf75357ab13808efc9f08c1b41b1bf5bdf (master)
Fixed by: https://github.com/FFmpeg/FFmpeg/commit/c3c7ecfe48d464a0b06564f2e92504b1d9c91d69 (n7.1.1)
Fixed by: https://github.com/FFmpeg/FFmpeg/commit/097131a6474bd6294ff337fa92025df60dff907a (n5.1.7)
EPSS
Связанные уязвимости
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.
Уязвимость мультимедийной библиотеки FFmpeg, связанная с неправильным контролем идентификаторов ресурсов («внедрение ресурсов»), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и нарушить её целостность
EPSS