5.5

CVE-2016-1897

Exploit

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.

Data is provided by the National Vulnerability Database (NVD)
FfmpegFfmpeg Version2.0
FfmpegFfmpeg Version2.0.1
FfmpegFfmpeg Version2.0.2
FfmpegFfmpeg Version2.0.3
FfmpegFfmpeg Version2.0.4
FfmpegFfmpeg Version2.0.5
FfmpegFfmpeg Version2.0.6
FfmpegFfmpeg Version2.0.7
FfmpegFfmpeg Version2.1
FfmpegFfmpeg Version2.1.1
FfmpegFfmpeg Version2.1.2
FfmpegFfmpeg Version2.1.3
FfmpegFfmpeg Version2.1.4
FfmpegFfmpeg Version2.1.5
FfmpegFfmpeg Version2.1.6
FfmpegFfmpeg Version2.1.7
FfmpegFfmpeg Version2.1.8
FfmpegFfmpeg Version2.2
FfmpegFfmpeg Version2.2.1
FfmpegFfmpeg Version2.2.2
FfmpegFfmpeg Version2.2.3
FfmpegFfmpeg Version2.2.4
FfmpegFfmpeg Version2.2.5
FfmpegFfmpeg Version2.2.6
FfmpegFfmpeg Version2.2.7
FfmpegFfmpeg Version2.2.8
FfmpegFfmpeg Version2.2.9
FfmpegFfmpeg Version2.2.10
FfmpegFfmpeg Version2.2.11
FfmpegFfmpeg Version2.2.12
FfmpegFfmpeg Version2.2.13
FfmpegFfmpeg Version2.2.14
FfmpegFfmpeg Version2.2.15
FfmpegFfmpeg Version2.2.16
FfmpegFfmpeg Version2.3
FfmpegFfmpeg Version2.3.1
FfmpegFfmpeg Version2.3.2
FfmpegFfmpeg Version2.3.3
FfmpegFfmpeg Version2.3.4
FfmpegFfmpeg Version2.3.5
FfmpegFfmpeg Version2.3.6
FfmpegFfmpeg Version2.4
FfmpegFfmpeg Version2.4.1
FfmpegFfmpeg Version2.4.2
FfmpegFfmpeg Version2.4.3
FfmpegFfmpeg Version2.4.4
FfmpegFfmpeg Version2.4.5
FfmpegFfmpeg Version2.4.6
FfmpegFfmpeg Version2.4.7
FfmpegFfmpeg Version2.4.8
FfmpegFfmpeg Version2.4.9
FfmpegFfmpeg Version2.4.10
FfmpegFfmpeg Version2.4.11
FfmpegFfmpeg Version2.4.12
FfmpegFfmpeg Version2.5
FfmpegFfmpeg Version2.5.1
FfmpegFfmpeg Version2.5.2
FfmpegFfmpeg Version2.5.3
FfmpegFfmpeg Version2.5.4
FfmpegFfmpeg Version2.5.5
FfmpegFfmpeg Version2.5.6
FfmpegFfmpeg Version2.5.7
FfmpegFfmpeg Version2.5.8
FfmpegFfmpeg Version2.5.9
FfmpegFfmpeg Version2.6
FfmpegFfmpeg Version2.6.1
FfmpegFfmpeg Version2.6.2
FfmpegFfmpeg Version2.6.3
FfmpegFfmpeg Version2.6.4
FfmpegFfmpeg Version2.6.5
FfmpegFfmpeg Version2.6.6
FfmpegFfmpeg Version2.7
FfmpegFfmpeg Version2.7.1
FfmpegFfmpeg Version2.7.2
FfmpegFfmpeg Version2.7.3
FfmpegFfmpeg Version2.7.4
FfmpegFfmpeg Version2.8
FfmpegFfmpeg Version2.8 Updatedev
FfmpegFfmpeg Version2.8.1
FfmpegFfmpeg Version2.8.2
FfmpegFfmpeg Version2.8.3
FfmpegFfmpeg Version2.8.4
CanonicalUbuntu Linux Version12.04 SwEditionlts
OpensuseLeap Version42.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 48.76% 0.977
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.