Zero-Day Vulnerability Discovered In FFmpeg Lets Attackers Steal Files Remotely

prisoninmate writes: A zero-day vulnerability in the FFmpeg open-source multimedia framework, which is currently used in numerous Linux kernel-based operating systems and software applications, also for the Mac OS X and Windows platforms, has been discovered recently by Russian programmer Maxim Andreev in the current stable builds of the software. It appears to let anyone with the necessary skills hack a computer to read local files on a remote machine and send them over the network using a specially crafted video file. Arch Linux devs already rebuilt their FFmpeg packages without the AppleHTTP and HLS demuxers.

Re: why so hung up about arch?

Don't gentoo users choose their own build settings / features by default? What do you want the article to say? "Most gentoo users probably have the problem fixed by themselves already too but we don't really know?"