Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Local
0

CVE-2016-1898

Disclosure Date: January 15, 2016
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.5 Medium
Impact Score:
3.6
Exploitability Score:
1.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Vendors

  • canonical,
  • ffmpeg,
  • opensuse

Products

  • ffmpeg 2.0,
  • ffmpeg 2.0.1,
  • ffmpeg 2.0.2,
  • ffmpeg 2.0.3,
  • ffmpeg 2.0.4,
  • ffmpeg 2.0.5,
  • ffmpeg 2.0.6,
  • ffmpeg 2.0.7,
  • ffmpeg 2.1,
  • ffmpeg 2.1.1,
  • ffmpeg 2.1.2,
  • ffmpeg 2.1.3,
  • ffmpeg 2.1.4,
  • ffmpeg 2.1.5,
  • ffmpeg 2.1.6,
  • ffmpeg 2.1.7,
  • ffmpeg 2.1.8,
  • ffmpeg 2.2,
  • ffmpeg 2.2.1,
  • ffmpeg 2.2.10,
  • ffmpeg 2.2.11,
  • ffmpeg 2.2.12,
  • ffmpeg 2.2.13,
  • ffmpeg 2.2.14,
  • ffmpeg 2.2.15,
  • ffmpeg 2.2.16,
  • ffmpeg 2.2.2,
  • ffmpeg 2.2.3,
  • ffmpeg 2.2.4,
  • ffmpeg 2.2.5,
  • ffmpeg 2.2.6,
  • ffmpeg 2.2.7,
  • ffmpeg 2.2.8,
  • ffmpeg 2.2.9,
  • ffmpeg 2.3,
  • ffmpeg 2.3.1,
  • ffmpeg 2.3.2,
  • ffmpeg 2.3.3,
  • ffmpeg 2.3.4,
  • ffmpeg 2.3.5,
  • ffmpeg 2.3.6,
  • ffmpeg 2.4,
  • ffmpeg 2.4.1,
  • ffmpeg 2.4.10,
  • ffmpeg 2.4.11,
  • ffmpeg 2.4.12,
  • ffmpeg 2.4.2,
  • ffmpeg 2.4.3,
  • ffmpeg 2.4.4,
  • ffmpeg 2.4.5,
  • ffmpeg 2.4.6,
  • ffmpeg 2.4.7,
  • ffmpeg 2.4.8,
  • ffmpeg 2.4.9,
  • ffmpeg 2.5,
  • ffmpeg 2.5.1,
  • ffmpeg 2.5.2,
  • ffmpeg 2.5.3,
  • ffmpeg 2.5.4,
  • ffmpeg 2.5.5,
  • ffmpeg 2.5.6,
  • ffmpeg 2.5.7,
  • ffmpeg 2.5.8,
  • ffmpeg 2.5.9,
  • ffmpeg 2.6,
  • ffmpeg 2.6.1,
  • ffmpeg 2.6.2,
  • ffmpeg 2.6.3,
  • ffmpeg 2.6.4,
  • ffmpeg 2.6.5,
  • ffmpeg 2.6.6,
  • ffmpeg 2.7,
  • ffmpeg 2.7.1,
  • ffmpeg 2.7.2,
  • ffmpeg 2.7.3,
  • ffmpeg 2.7.4,
  • ffmpeg 2.8,
  • ffmpeg 2.8.1,
  • ffmpeg 2.8.2,
  • ffmpeg 2.8.3,
  • ffmpeg 2.8.4,
  • leap 42.1,
  • ubuntu linux 12.04
Technical Analysis