This CVE name corresponds to:
| Entered | Topic |
|---|---|
| 2016-01-17 | ffmpeg -- remote attacker can access local files |
The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.
| Type | Candidate |
| Name | CVE-2016-1898 |
| Phase | Assigned(20160114) |
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.
| Source | Reference |
|---|---|
| MLIST | [oss-security] 20160114 Re: Fwd: FFmpeg: stealing local files with HLS+concat |
| MISC | http://habrahabr.ru/company/mailru/blog/274855 |
| SUSE | openSUSE-SU-2016:0243 |
| UBUNTU | USN-2944-1 |
Copyright © 2005 The MITRE Corporation.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright
information.