ffmpeg has a vulnerability in the current version that allows the attacker to create a specially crafted video file, downloading which will send files from a user PC to a remote attacker server. The attack does not even require the user to open that file – for example, KDE Dolphin thumbnail generation is enough. Desktop search indexers (i.e. baloo) could be affected. ffprobe is affected, basically all operations with file that involve ffmpeg reading it are affected
Source: Zero-Day FFmpeg Vulnerability Lets Anyone Steal Files from Remote Machines – Updated
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft
robin@edgarbv.com
https://www.edgarbv.com