[vlc-devel] [PACKAGERS] libavformat leak security advisory
Rémi Denis-Courmont
remi at remlab.net
Tue Jan 19 21:05:15 CET 2016
On Tuesday 19 January 2016 20:49:35 Michael Niedermayer wrote:
> If you know of a security issue in FFmpeg 2.8.5, please provide details
> about that. I am not aware of a remaining related issue and none
> was reported to ffmpeg-security.
HLS is just one means of URL indirection. Any redirection or "playlist" format,
and probably some other less obvious means open the same window of attack as
libavformat's HLS.
The current libavformat concat is essentially an injection vulnerability.
> Also if you have a patch fixing an issue, as you describe, please
> share that patch so we can fix any remaining issue in FFmpeg
As was already discussed on libav-devel, I only know two solutions:
https://lists.libav.org/pipermail/libav-devel/2016-January/074161.html
--
Rémi Denis-Courmont
http://www.remlab.net/