[Bug 206282] multimedia/ffmpeg zero-day vulnerability HLS

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri Jan 15 02:58:21 UTC 2016 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206282

            Bug ID: 206282
           Summary: multimedia/ffmpeg zero-day vulnerability HLS
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: multimedia at FreeBSD.org
          Reporter: sasamotikomi at gmail.com
          Assignee: multimedia at FreeBSD.org
             Flags: maintainer-feedback?(multimedia at FreeBSD.org)

Attacker can simple put m3u8 in media container and get access to your local
file( for example password).
I recommend build ffmpeg with --disable-network

http://news.softpedia.com/news/zero-day-ffmpeg-vulnerability-lets-anyone-steal-files-from-remote-machines-498880.shtml

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-multimedia mailing list