CVE-2016-1898

Name of the Vulnerable Software and Affected Versions FFmpeg versions 2.x

Description The issue allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file. This leads to an external HTTP request in which the URL string contains an arbitrary line of a local file.

Recommendations For FFmpeg version 2.x, update to a version that contains a fix for this issue.