5.5

CVE-2016-1898

Exploit

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FfmpegFfmpeg Version2.0
FfmpegFfmpeg Version2.0.1
FfmpegFfmpeg Version2.0.2
FfmpegFfmpeg Version2.0.3
FfmpegFfmpeg Version2.0.4
FfmpegFfmpeg Version2.0.5
FfmpegFfmpeg Version2.0.6
FfmpegFfmpeg Version2.0.7
FfmpegFfmpeg Version2.1
FfmpegFfmpeg Version2.1.1
FfmpegFfmpeg Version2.1.2
FfmpegFfmpeg Version2.1.3
FfmpegFfmpeg Version2.1.4
FfmpegFfmpeg Version2.1.5
FfmpegFfmpeg Version2.1.6
FfmpegFfmpeg Version2.1.7
FfmpegFfmpeg Version2.1.8
FfmpegFfmpeg Version2.2
FfmpegFfmpeg Version2.2.1
FfmpegFfmpeg Version2.2.2
FfmpegFfmpeg Version2.2.3
FfmpegFfmpeg Version2.2.4
FfmpegFfmpeg Version2.2.5
FfmpegFfmpeg Version2.2.6
FfmpegFfmpeg Version2.2.7
FfmpegFfmpeg Version2.2.8
FfmpegFfmpeg Version2.2.9
FfmpegFfmpeg Version2.2.10
FfmpegFfmpeg Version2.2.11
FfmpegFfmpeg Version2.2.12
FfmpegFfmpeg Version2.2.13
FfmpegFfmpeg Version2.2.14
FfmpegFfmpeg Version2.2.15
FfmpegFfmpeg Version2.2.16
FfmpegFfmpeg Version2.3
FfmpegFfmpeg Version2.3.1
FfmpegFfmpeg Version2.3.2
FfmpegFfmpeg Version2.3.3
FfmpegFfmpeg Version2.3.4
FfmpegFfmpeg Version2.3.5
FfmpegFfmpeg Version2.3.6
FfmpegFfmpeg Version2.4
FfmpegFfmpeg Version2.4.1
FfmpegFfmpeg Version2.4.2
FfmpegFfmpeg Version2.4.3
FfmpegFfmpeg Version2.4.4
FfmpegFfmpeg Version2.4.5
FfmpegFfmpeg Version2.4.6
FfmpegFfmpeg Version2.4.7
FfmpegFfmpeg Version2.4.8
FfmpegFfmpeg Version2.4.9
FfmpegFfmpeg Version2.4.10
FfmpegFfmpeg Version2.4.11
FfmpegFfmpeg Version2.4.12
FfmpegFfmpeg Version2.5
FfmpegFfmpeg Version2.5.1
FfmpegFfmpeg Version2.5.2
FfmpegFfmpeg Version2.5.3
FfmpegFfmpeg Version2.5.4
FfmpegFfmpeg Version2.5.5
FfmpegFfmpeg Version2.5.6
FfmpegFfmpeg Version2.5.7
FfmpegFfmpeg Version2.5.8
FfmpegFfmpeg Version2.5.9
FfmpegFfmpeg Version2.6
FfmpegFfmpeg Version2.6.1
FfmpegFfmpeg Version2.6.2
FfmpegFfmpeg Version2.6.3
FfmpegFfmpeg Version2.6.4
FfmpegFfmpeg Version2.6.5
FfmpegFfmpeg Version2.6.6
FfmpegFfmpeg Version2.7
FfmpegFfmpeg Version2.7.1
FfmpegFfmpeg Version2.7.2
FfmpegFfmpeg Version2.7.3
FfmpegFfmpeg Version2.7.4
FfmpegFfmpeg Version2.8
FfmpegFfmpeg Version2.8 Updatedev
FfmpegFfmpeg Version2.8.1
FfmpegFfmpeg Version2.8.2
FfmpegFfmpeg Version2.8.3
FfmpegFfmpeg Version2.8.4
CanonicalUbuntu Linux Version12.04 SwEditionlts
OpensuseLeap Version42.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 29.2% 0.964
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.