HIGH🇵🇱 Wersja polska

CVE-2023-6605

CVSS 7.2v3.1pub. 2025-01-06upd. 2025-11-03

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
  • Ffmpeg

    APP
    Ffmpeg
    2.0 – 6.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-35368CRITICAL9.8PL ✓ten sam produkt

Double Free w FFmpeg — podatność w dekoderze RKMPP (libavcodec)

CVE-2024-35367CRITICAL9.1PL ✓ten sam produkt

FFmpeg: Out-of-bounds Read w dekoderze VP8 na architekturze PowerPC (AltiVec)

CVE-2024-35366CRITICAL9.1PL ✓ten sam produkt

FFmpeg: Integer Overflow w parse_options (sbgdec.c) — moduł libavformat

CVE-2024-31581CRITICAL9.8PL ✓ten sam produkt

FFmpeg: nieprawidłowa walidacja indeksu tablicy w dekodowaniu H.266

CVE-2024-22862CRITICAL9.8PL ✓ten sam produkt

Integer overflow w FFmpeg — RCE przez parser JPEG XL