Hi all,

On 8 Aug 2021 08:02:54 +0200 janne informed ffmpeg-security about an arbitrary code execution vulnerability in the fateserver code in both libav and ffmpeg. From the log janne showed us, it was apparently used by someone yesterday to attempt to run sudo.

I did shut down apache on fate.ffmpeg.org at about 8:45, so the fateserver is offline and will stay so until the code is fixed.

On the ffmpeg side, it seems someone tried to use this to run

    ls -la
    cat /etc/passwd
    uptime

long ago; so far I've not found any other traces nor any recent attempted use.

For both libav and ffmpeg the vulnerable code is offline, so I guess there's no reason to keep this issue private.

Thanks

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".