Unrated severityOSV Advisory· Published Jan 6, 2025· Updated Nov 3, 2025
Ffmpeg: hls unsafe file extension bypass in ffmpeg
CVE-2023-6601
Description
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11- osv-coords9 versionspkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ffmpeg-7&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
< 4.4.6-150600.13.38.1+ 8 more
- (no CPE)range: < 4.4.6-150600.13.38.1
- (no CPE)range: < 4.4.6-10.1
- (no CPE)range: < 7.1.3-1.1
- (no CPE)range: < 4.4.6-150400.3.60.1
- (no CPE)range: < 4.4.6-150400.3.60.1
- (no CPE)range: < 4.4.6-150600.13.38.1
- (no CPE)range: < 4.4.6-150400.3.60.1
- (no CPE)range: < 4.4.6-150400.3.60.1
- (no CPE)range: < 4.4.6-150600.13.38.1
Patches
Vulnerability mechanics
References
1- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
News mentions
0No linked articles in our index yet.