CVE-2016-1897

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.
Severity
MEDIUM
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Atk. Vector
LOCAL
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
ffmpegffmpeg
2.0
ffmpegffmpeg
2.0.1
ffmpegffmpeg
2.0.2
ffmpegffmpeg
2.0.3
ffmpegffmpeg
2.0.4
ffmpegffmpeg
2.0.5
ffmpegffmpeg
2.0.6
ffmpegffmpeg
2.0.7
ffmpegffmpeg
2.1
ffmpegffmpeg
2.1.1
ffmpegffmpeg
2.1.2
ffmpegffmpeg
2.1.3
ffmpegffmpeg
2.1.4
ffmpegffmpeg
2.1.5
ffmpegffmpeg
2.1.6
ffmpegffmpeg
2.1.7
ffmpegffmpeg
2.1.8
ffmpegffmpeg
2.2
ffmpegffmpeg
2.2.1
ffmpegffmpeg
2.2.2
ffmpegffmpeg
2.2.3
ffmpegffmpeg
2.2.4
ffmpegffmpeg
2.2.5
ffmpegffmpeg
2.2.6
ffmpegffmpeg
2.2.7
ffmpegffmpeg
2.2.8
ffmpegffmpeg
2.2.9
ffmpegffmpeg
2.2.10
ffmpegffmpeg
2.2.11
ffmpegffmpeg
2.2.12
ffmpegffmpeg
2.2.13
ffmpegffmpeg
2.2.14
ffmpegffmpeg
2.2.15
ffmpegffmpeg
2.2.16
ffmpegffmpeg
2.3
ffmpegffmpeg
2.3.1
ffmpegffmpeg
2.3.2
ffmpegffmpeg
2.3.3
ffmpegffmpeg
2.3.4
ffmpegffmpeg
2.3.5
ffmpegffmpeg
2.3.6
ffmpegffmpeg
2.4
ffmpegffmpeg
2.4.1
ffmpegffmpeg
2.4.2
ffmpegffmpeg
2.4.3
ffmpegffmpeg
2.4.4
ffmpegffmpeg
2.4.5
ffmpegffmpeg
2.4.6
ffmpegffmpeg
2.4.7
ffmpegffmpeg
2.4.8
ffmpegffmpeg
2.4.9
ffmpegffmpeg
2.4.10
ffmpegffmpeg
2.4.11
ffmpegffmpeg
2.4.12
ffmpegffmpeg
2.5
ffmpegffmpeg
2.5.1
ffmpegffmpeg
2.5.2
ffmpegffmpeg
2.5.3
ffmpegffmpeg
2.5.4
ffmpegffmpeg
2.5.5
ffmpegffmpeg
2.5.6
ffmpegffmpeg
2.5.7
ffmpegffmpeg
2.5.8
ffmpegffmpeg
2.5.9
ffmpegffmpeg
2.6
ffmpegffmpeg
2.6.1
ffmpegffmpeg
2.6.2
ffmpegffmpeg
2.6.3
ffmpegffmpeg
2.6.4
ffmpegffmpeg
2.6.5
ffmpegffmpeg
2.6.6
ffmpegffmpeg
2.7
ffmpegffmpeg
2.7.1
ffmpegffmpeg
2.7.2
ffmpegffmpeg
2.7.3
ffmpegffmpeg
2.7.4
ffmpegffmpeg
2.8
ffmpegffmpeg
2.8
ffmpegffmpeg
2.8.1
ffmpegffmpeg
2.8.2
ffmpegffmpeg
2.8.3
ffmpegffmpeg
2.8.4
canonicalubuntu_linux
12.04
opensuseleap
42.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ffmpeg
bullseye
7:4.3.7-0+deb11u1
fixed
bullseye (security)
7:4.3.8-0+deb11u1
fixed
bookworm
7:5.1.6-0+deb12u1
fixed
bookworm (security)
7:5.1.6-0+deb12u1
fixed
sid
7:7.1-3
fixed
trixie
7:7.1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ffmpeg
disco
Fixed 7:2.8.6-1ubuntu1
released
cosmic
Fixed 7:2.8.6-1ubuntu1
released
bionic
Fixed 7:2.8.6-1ubuntu1
released
artful
Fixed 7:2.8.6-1ubuntu1
released
zesty
Fixed 7:2.8.6-1ubuntu1
released
yakkety
Fixed 7:2.8.6-1ubuntu1
released
xenial
Fixed 7:2.8.6-1ubuntu1
released
wily
Fixed 7:2.7.5-0ubuntu0.15.10.1
released
vivid
ignored
trusty
dne
precise
dne
libav
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
ignored
trusty
Fixed 6:9.20-0ubuntu0.14.04.1+esm1
released
precise
Fixed 4:0.8.17-0ubuntu0.12.04.2
released