Another cave, FFmpeg2.x explosion of high-risk vulnerabilities-exploit, Trojan, FFmpeg-IT information

IT information news on May 7, with higher degree of social Internet, network security is everybody's attention, many software often found a high-risk vulnerabilities, this FFmpeg2.x was wrong.

This vulnerability is highly dangerous, bugs number CVE-2016-1897 and CVE-2016-1898, two vulnerabilities that could allow hackers to upload HLS slice structure index files, steal local files on the server side information remotely, FFmpeg version 2.2.10 users a high risk of attack.

FFmpeg is a set can be used to record and convert digital audio, video, and convert it into a stream of open source computer programs. LGPL or GPL license. It provides record, convert and stream audio and video of the complete solution. FFmpeg in Linux platforms under development, but it also can be compiled to run on other operating systems environment, including Windows, Mac OS x, and so on.

Using this program, please feel free to check the user to upgrade to the latest version:

Upgrade to 2.8.5 FFmpeg 2.8.x series or above;

FFmpeg upgrade from 2.7.x to 2.7.5 or above;

FFmpeg 2.6.x series upgrade to 2.6.7 or higher;

FFmpeg 2.5.x series upgrade to 2.5.10 or above.

Recommended reading:

Apple Xcode updates: fix two significant loopholes

再来一洞，FFmpeg2.x爆高危漏洞 - 漏洞,木马,FFmpeg - IT资讯

IT资讯讯 5月7日消息，随着社会互联网化程度越来越高，网络安全逐渐得到了大家的重视，许多软件时常曝出高危漏洞，这不FFmpeg2.x出事了。

本次漏洞的等级为高度危险，漏洞编号为CVE-2016-1897和CVE-2016-1898，这两个漏洞可能会使黑客通过上传构造的hls切片索引文件，远程窃取服务器端本地文件信息，FFmpeg版本低于2.2.10的用户遭到攻击的风险很高。

FFmpeg是一套可以用来记录、转换数字音频、视频，并能将其转化为流的开源计算机程序。采用LGPL或GPL许可证。它提供了录制、转换以及流化音视频的完整解决方案。FFmpeg在Linux平台下开发，但它同样也可以在其它操作系统环境中编译运行，包括Windows、Mac OS X等。

使用该程序的用户请立刻检查升级至最新版本：

FFmpeg 2.8.x系列升级至2.8.5或以上；

FFmpeg 2.7.x系列升级至2.7.5或以上；

FFmpeg 2.6.x系列升级至2.6.7或以上；

FFmpeg 2.5.x系列升级至2.5.10或以上。

推荐阅读：

《苹果Xcode获更新：修复两处重大漏洞》