Slashdot Mirror


Zero-Day Vulnerability Discovered In FFmpeg Lets Attackers Steal Files Remotely

prisoninmate writes: A zero-day vulnerability in the FFmpeg open-source multimedia framework, which is currently used in numerous Linux kernel-based operating systems and software applications, also for the Mac OS X and Windows platforms, has been discovered recently by Russian programmer Maxim Andreev in the current stable builds of the software. It appears to let anyone with the necessary skills hack a computer to read local files on a remote machine and send them over the network using a specially crafted video file. Arch Linux devs already rebuilt their FFmpeg packages without the AppleHTTP and HLS demuxers.


  1. Re:Very wide impact. by fluffernutter · Score: 4, Interesting

    But the question is, how easy is it to end up playing a 'specially crafted file' if you're playing video in VLC or Kodi? I mean, understood that any website could have an ad video that plays and opens up this connection but what is the reality of the risk for standalone players?

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.