ffmpeg vulnerability | ||||||
| posted by Jean-Francois Panisset on Jan. 15, 2016, 9:40 a.m. (1 day ago) | ||||||
| ||||||
| Thread Tags: discuss-at-studiosysadmins | ||||||
| ||||||
According to this: http://news.softpedia.com/news/zero-day-ffmpeg-vulnerability-lets-anyone-steal-files-from-remote-machines-498880.shtml "ffmpeg has a vulnerability in the current version that allows the attacker to create a specially crafted video file, downloading which will send files from a user PC to a remote attacker server. The attack does not even require the user to open that file - for example, KDE Dolphin thumbnail generation is enough. Desktop search indexers (i.e. baloo) could be affected. ffprobe is affected, basically all operations with file that involve ffmpeg reading it are affected," reads an Arch Linux bug report submitted today." JF |