Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 572050 - media-video/ffmpeg allows exfiltration of system files
Summary: media-video/ffmpeg allows exfiltration of system files
Status: RESOLVED DUPLICATE of bug 571868
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-01-16 01:35 UTC by Linear Systems Tech Svcs.
Modified: 2016-01-16 01:47 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Linear Systems Tech Svcs. 2016-01-16 01:35:57 UTC 
A recently published vulnerability in the httpapple/HLS demuxer in ffmpeg will allow an attacker to craft a media file to get system files sent out of the target system.


The original post (in Russian, with exploit code examples):

http://habrahabr.ru/company/mailru/blog/274855/


Google translation of the page:

https://translate.google.com/translate?sl=ru&tl=en&u=http%3A%2F%2Fhabrahabr.ru%2Fcompany%2Fmailru%2Fblog%2F274855%2F


Post on ArchLinux bugzilla:

https://bugs.archlinux.org/task/47738


Post of a write-up for a CTF challenge using the vulnerability (from 2 months ago):

https://github.com/ctfs/write-ups-2015/tree/master/9447-ctf-2015/web/super-turbo-atomic-gif-converter
Comment 1 Brian Evans (RETIRED) gentoo-dev 2016-01-16 01:47:09 UTC 

*** This bug has been marked as a duplicate of bug 571868 ***