File Extension Bypass Vulnerability in FFmpeg's HLS Demuxer
CVE-2023-6601

Currently unrated

Key Information:

Vendor: FFmpeg
Status: FFmpeg
Vendor: CVE Published:; 6 January 2025

What is CVE-2023-6601?

A flaw in FFmpeg’s HLS demuxer allows attackers to bypass unsafe file extension checks. This can lead to the execution of arbitrary demuxers when specific base64-encoded data URIs are used with manipulated file extensions, potentially compromising the integrity of systems using this media processing library.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2253172

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 6, 2025