CVE-2023-6605
Jan. 6, 2025, 5:15 p.m.
Tags
CVSS Score
Product(s) Impacted
FFmpeg
Description
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.
Weaknesses
CWE-99
Improper Control of Resource Identifiers ('Resource Injection')
The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
CWE ID: 99Date
Published: Jan. 6, 2025, 5:15 p.m.
Last Modified: Jan. 6, 2025, 5:15 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
patrick@puiterwijk.org
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
Exploitability Score
Impact Score
Base Severity
HIGHCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N