Описание
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which FFmpeg.java uses untrusted input for the path of the executable file.
Ссылки
- ExploitIssue TrackingPatch
- ExploitIssue TrackingPatch
Уязвимые конфигурации
Конфигурация 1Версия до 0.7.0 (включая)
cpe:2.3:a:bramp:ffmpeg-cli-wrapper:*:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00096
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 9.8
github
больше 2 лет назад
FFmpeg discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>
EPSS
Процентиль: 27%
0.00096
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-94