Zero-Day Vulnerability Discovered In FFmpeg Lets Attackers Steal Files Remotely
prisoninmate writes: A zero-day vulnerability in the FFmpeg open-source multimedia framework, which is currently used in numerous Linux kernel-based operating systems and software applications, also for the Mac OS X and Windows platforms, has been discovered recently by Russian programmer Maxim Andreev in the current stable builds of the software. It appears to let anyone with the necessary skills hack a computer to read local files on a remote machine and send them over the network using a specially crafted video file. Arch Linux devs already rebuilt their FFmpeg packages without the AppleHTTP and HLS demuxers.
FFmpeg is used in some capacity in just about every video application I can think of. VLC, Kodi/XBMC, MythTV, Handbrake, Plex...