摘要:
Prior to ffmpeg version 4.3, the tty demuxer did not have a read_probe function assigned to it. By crafting a legitimate ffconcat file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).
安全等级: Low
公告ID: KylinSec-SA-2022-2364
发布日期: 2022年9月30日
关联CVE: CVE-2021-3566
Prior to ffmpeg version 4.3, the tty demuxer did not have a read_probe function assigned to it. By crafting a legitimate ffconcat file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2021-3566 | KY3.4-4A | ffmpeg | Unaffected |
