Rapid7

vulnerability

Debian: CVE-2021-3566: ffmpeg -- security update

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Aug 5, 2021
Added
Aug 16, 2021
Modified
Mar 30, 2026

Description

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By crafting a legitimate "ffconcat" file that references an image, followed by a file the triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim (as long as the `-vcodec copy` option is passed to ffmpeg).

Solution

debian-upgrade-ffmpeg
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

    Rapid7 Vulnerability Database