[FFmpeg-trac] #5991(ffmpeg:new): Design issue affecting security

FFmpeg trac at avcodec.org
Mon Dec 5 03:56:27 EET 2016


#5991: Design issue affecting security
--------------------------------+--------------------------------------
             Reporter:  paulch  |                     Type:  defect
               Status:  new     |                 Priority:  critical
            Component:  ffmpeg  |                  Version:  git-master
             Keywords:          |               Blocked By:
             Blocking:          |  Reproduced by developer:  0
Analyzed by developer:  0       |
--------------------------------+--------------------------------------
 '''Overview: '''

 An attacker can create a file with a special name, bypass the protocol
 white/black lists and achieve SSRF if the filename is passed to ffmpeg as
 an argument, like {{{ ffmpeg -i <controlled_filename> output }}}


 '''How to reproduce:'''
 {{{
 $ nc -lvvp 1337 # listen on a local port to confirm the bug
 $ touch "http:localhost:1337.mov" # create the file that will be passed as an argument
 $ ffmpeg -i "http:localhost:1337.mov" output.mov # trigger the bug
 }}}

 Execution of these shell commands confirms that if an attacker controls the
 filename, he could control the protocol and workflow of FFmpeg.

 '''Final words:'''

 FFmpeg is software commonly used by large companies and other projects
 which use it as third-party software to process video on their own
 servers. This report shows that if the name of the file has not been changed
 before it is passed to FFmpeg, it could cause very harmful consequences.
 It was confirmed that the issue exists in modern services and it is highly
 recommended to fix it.

 Contact me if you need more details about this issue.

--
Ticket URL: <https://trac.ffmpeg.org/ticket/5991>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
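
The mitigation the report points to (changing the file name before it reaches FFmpeg), sketched as an added example that is not part of the original ticket or of FFmpeg's code. The function names, the upload directory and the extension list are assumptions, and the prefix check is a conservative heuristic, not FFmpeg's own URL parser.

```python
import re
import secrets
from pathlib import PurePosixPath

# Constructed policy for this example: extensions the service accepts.
ALLOWED_EXTENSIONS = {".mov", ".mp4", ".mkv", ".webm"}

# Scheme-like characters followed by ':' at the very start of the argument,
# e.g. "http:" in "http:localhost:1337.mov" from the ticket.
# Heuristic only (assumption), not FFmpeg's own parsing logic.
SCHEME_PREFIX = re.compile(r"^[A-Za-z0-9+.\-]+:")


def looks_like_protocol(arg: str) -> bool:
    """True if the argument begins with a protocol-style prefix."""
    return bool(SCHEME_PREFIX.match(arg))


def storage_name(upload_name: str) -> str:
    """Server-generated name; only a vetted extension survives from the upload."""
    ext = PurePosixPath(upload_name).suffix.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not allowed: {ext!r}")
    return secrets.token_hex(16) + ext


def build_ffmpeg_argv(upload_name: str, upload_dir: str, output: str) -> list:
    """Build the ffmpeg argv without ever passing the client-supplied name."""
    base = PurePosixPath(upload_dir)
    if not base.is_absolute():
        raise ValueError("upload_dir must be an absolute path")
    source = str(base / storage_name(upload_name))
    # An absolute path starts with '/', so it cannot begin with "scheme:".
    if looks_like_protocol(source) or looks_like_protocol(output):
        raise ValueError("argument would be read as a protocol URL")
    return ["ffmpeg", "-i", source, output]


if __name__ == "__main__":
    # Constructed sample: the file name used in the ticket's reproduction steps.
    print(build_ffmpeg_argv("http:localhost:1337.mov", "/srv/uploads", "/srv/out/a.mov"))
```

The upload has to be written to disk under the generated name as well, so the path in the returned argv refers to the stored file.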