[vlc-devel] [PACKAGERS] libavformat leak security advisory
remi at remlab.net
Tue Jan 19 21:05:15 CET 2016
On Tuesday 19 January 2016 20:49:35 Michael Niedermayer wrote:
> If you know of a security issue in FFmpeg 2.8.5, please provide details
> about that. I am not aware of a remaining related issue and none
> was reported to ffmpeg-security.
HLS is just one mean of URL indirection. Any redirection or "playlist" format,
and probably some other less obvious means open the same window of attack as
The current libavformat concat is essentially an injection vulnerability.
> Also if you have a patch fixing an issue, as you describe, please
> share that patch so we can fix any remaining issue in FFmpeg
As was already discussed on libav-devel, I only know two solutions:
More information about the vlc-devel