ByteOS Network

Source-cve@mitre.org

Published At-15 Jan, 2016 | 03:59

Updated At-12 Apr, 2025 | 10:46

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.0

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:N/A:N

Hyperlink	Source	Resource
http://habrahabr.ru/company/mailru/blog/274855	cve@mitre.org	Exploit
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html	cve@mitre.org	N/A
http://security.stackexchange.com/questions/110644	cve@mitre.org	Exploit
http://www.debian.org/security/2016/dsa-3506	cve@mitre.org	N/A
http://www.openwall.com/lists/oss-security/2016/01/14/1	cve@mitre.org	N/A
http://www.securityfocus.com/bid/80501	cve@mitre.org	N/A
http://www.securitytracker.com/id/1034932	cve@mitre.org	N/A
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.529036	cve@mitre.org	N/A
http://www.ubuntu.com/usn/USN-2944-1	cve@mitre.org	N/A
https://security.gentoo.org/glsa/201606-09	cve@mitre.org	N/A
https://security.gentoo.org/glsa/201705-08	cve@mitre.org	N/A
https://www.kb.cert.org/vuls/id/772447	cve@mitre.org	N/A
http://habrahabr.ru/company/mailru/blog/274855	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://security.stackexchange.com/questions/110644	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.debian.org/security/2016/dsa-3506	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.openwall.com/lists/oss-security/2016/01/14/1	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/80501	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id/1034932	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.529036	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/USN-2944-1	af854a3a-2127-422b-91ae-364da2661108	N/A
https://security.gentoo.org/glsa/201606-09	af854a3a-2127-422b-91ae-364da2661108	N/A
https://security.gentoo.org/glsa/201705-08	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.kb.cert.org/vuls/id/772447	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History