JLSEC-2025-146

A flaw was found in FFmpeg's HLS demuxer

JLSEC Published: Oct 19, 2025
Modified: Oct 31, 2025
Affected Packages: FFMPEG_jll < 6.1.1+0
FFplay_jll < 7.1.0+0
Aliases / Upstream: CVE-2023-6601

A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2253172