5.5

CVE-2016-1897

Exploit
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FfmpegFfmpeg Version2.0
FfmpegFfmpeg Version2.0.1
FfmpegFfmpeg Version2.0.2
FfmpegFfmpeg Version2.0.3
FfmpegFfmpeg Version2.0.4
FfmpegFfmpeg Version2.0.5
FfmpegFfmpeg Version2.0.6
FfmpegFfmpeg Version2.0.7
FfmpegFfmpeg Version2.1
FfmpegFfmpeg Version2.1.1
FfmpegFfmpeg Version2.1.2
FfmpegFfmpeg Version2.1.3
FfmpegFfmpeg Version2.1.4
FfmpegFfmpeg Version2.1.5
FfmpegFfmpeg Version2.1.6
FfmpegFfmpeg Version2.1.7
FfmpegFfmpeg Version2.1.8
FfmpegFfmpeg Version2.2
FfmpegFfmpeg Version2.2.1
FfmpegFfmpeg Version2.2.2
FfmpegFfmpeg Version2.2.3
FfmpegFfmpeg Version2.2.4
FfmpegFfmpeg Version2.2.5
FfmpegFfmpeg Version2.2.6
FfmpegFfmpeg Version2.2.7
FfmpegFfmpeg Version2.2.8
FfmpegFfmpeg Version2.2.9
FfmpegFfmpeg Version2.2.10
FfmpegFfmpeg Version2.2.11
FfmpegFfmpeg Version2.2.12
FfmpegFfmpeg Version2.2.13
FfmpegFfmpeg Version2.2.14
FfmpegFfmpeg Version2.2.15
FfmpegFfmpeg Version2.2.16
FfmpegFfmpeg Version2.3
FfmpegFfmpeg Version2.3.1
FfmpegFfmpeg Version2.3.2
FfmpegFfmpeg Version2.3.3
FfmpegFfmpeg Version2.3.4
FfmpegFfmpeg Version2.3.5
FfmpegFfmpeg Version2.3.6
FfmpegFfmpeg Version2.4
FfmpegFfmpeg Version2.4.1
FfmpegFfmpeg Version2.4.2
FfmpegFfmpeg Version2.4.3
FfmpegFfmpeg Version2.4.4
FfmpegFfmpeg Version2.4.5
FfmpegFfmpeg Version2.4.6
FfmpegFfmpeg Version2.4.7
FfmpegFfmpeg Version2.4.8
FfmpegFfmpeg Version2.4.9
FfmpegFfmpeg Version2.4.10
FfmpegFfmpeg Version2.4.11
FfmpegFfmpeg Version2.4.12
FfmpegFfmpeg Version2.5
FfmpegFfmpeg Version2.5.1
FfmpegFfmpeg Version2.5.2
FfmpegFfmpeg Version2.5.3
FfmpegFfmpeg Version2.5.4
FfmpegFfmpeg Version2.5.5
FfmpegFfmpeg Version2.5.6
FfmpegFfmpeg Version2.5.7
FfmpegFfmpeg Version2.5.8
FfmpegFfmpeg Version2.5.9
FfmpegFfmpeg Version2.6
FfmpegFfmpeg Version2.6.1
FfmpegFfmpeg Version2.6.2
FfmpegFfmpeg Version2.6.3
FfmpegFfmpeg Version2.6.4
FfmpegFfmpeg Version2.6.5
FfmpegFfmpeg Version2.6.6
FfmpegFfmpeg Version2.7
FfmpegFfmpeg Version2.7.1
FfmpegFfmpeg Version2.7.2
FfmpegFfmpeg Version2.7.3
FfmpegFfmpeg Version2.7.4
FfmpegFfmpeg Version2.8
FfmpegFfmpeg Version2.8 Updatedev
FfmpegFfmpeg Version2.8.1
FfmpegFfmpeg Version2.8.2
FfmpegFfmpeg Version2.8.3
FfmpegFfmpeg Version2.8.4
CanonicalUbuntu Linux Version12.04 SwEditionlts
OpensuseLeap Version42.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.62% 0.962
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.ubuntu.com/usn/USN-2944-1
https://security.gentoo.org/glsa/201606-09
https://security.gentoo.org/glsa/201705-08
http://habrahabr.ru/company/mailru/blog/274855
Exploit
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html
http://security.stackexchange.com/questions/110644
Exploit
http://www.debian.org/security/2016/dsa-3506
http://www.openwall.com/lists/oss-security/2016/01/14/1
http://www.securityfocus.com/bid/80501
http://www.securitytracker.com/id/1034932
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.529036
https://www.kb.cert.org/vuls/id/772447