CVE-2023-6602

5.3 MEDIUM

📋 TL;DR

This vulnerability in FFmpeg's TTY Demuxer allows data exfiltration through improper parsing of non-TTY-compliant input files in HLS playlists. Attackers can craft malicious HLS playlists to potentially leak sensitive data from systems processing media files. This affects any application or service using vulnerable FFmpeg versions to process HLS content.

💻 Affected Systems

Products:
  • FFmpeg
Versions: before 6.1.1
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using FFmpeg to process HLS playlists with TTY demuxer functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sensitive data exfiltration from systems processing malicious HLS playlists, potentially including memory contents or file system access.

🟠 Likely Case

Limited data leakage from media processing systems, potentially exposing internal file paths or partial memory contents.

🟢 If Mitigated

No data exfiltration occurs due to proper input validation and patched FFmpeg versions.

🌐 Internet-Facing: MEDIUM - Internet-facing media processing services could be targeted with malicious HLS playlists.
🏢 Internal Only: LOW - Internal media processing systems are less likely to encounter malicious HLS playlists.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious HLS playlists and getting them processed by vulnerable FFmpeg instances.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FFmpeg 6.1.1 and later

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2334338

Restart Required: No

Instructions:

1. Update FFmpeg to version 6.1.1 or later.
2. For Linux distributions, use the package manager: 'sudo apt update && sudo apt upgrade ffmpeg' (Debian/Ubuntu) or 'sudo yum update ffmpeg' (RHEL/CentOS).
3. Recompile applications using FFmpeg if statically linked.

🔧 Temporary Workarounds

Disable TTY Demuxer

Platform: linux

Disable the vulnerable TTY demuxer component in FFmpeg configuration.

Recompile FFmpeg with --disable-demuxer=tty flag

Input Validation

Platform: all

Implement strict validation of HLS playlist inputs before processing.

🧯 If You Can't Patch

  • Implement network segmentation to isolate media processing systems
  • Monitor for unusual outbound traffic from media processing servers

🔍 How to Verify

Check if Vulnerable:

Check FFmpeg version: 'ffmpeg -version | grep version' and compare to 6.1.1

Check Version:

ffmpeg -version | grep version

Verify Fix Applied:

Confirm FFmpeg version is 6.1.1 or later: 'ffmpeg -version | grep -E "version (6\.1\.[1-9]|6\.[2-9]|6\.[1-9][0-9]|[7-9]\.|[1-9][0-9]+\.)"'
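An added example, not part of the original advisory: a numeric comparison of the `ffmpeg -version` banner against 6.1.1, plus a check for whether the tty demuxer is compiled in. The function names are hypothetical, and the sketch assumes a `sort` that supports `-V` (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example: classify an FFmpeg build against the 6.1.1 fix release.
FIXED="6.1.1"

# Extract the release number (e.g. 6.1.1) from the first banner line.
# Accepts an optional "n" prefix (n6.1.1); prints nothing for
# snapshot builds whose banner carries no release number.
ffmpeg_release() {
    printf '%s\n' "$1" |
        sed -n '1s/^ffmpeg version n\{0,1\}\([0-9][0-9]*\(\.[0-9][0-9]*\)\{1,2\}\).*/\1/p'
}

# Print "fixed", "vulnerable" or "unknown" for a given -version banner.
classify_ffmpeg() {
    rel=$(ffmpeg_release "$1")
    if [ -z "$rel" ]; then
        echo "unknown"
        return 0
    fi
    # Version-aware sort: if 6.1.1 sorts first (or ties), rel >= 6.1.1.
    lowest=$(printf '%s\n%s\n' "$rel" "$FIXED" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED" ]; then echo "fixed"; else echo "vulnerable"; fi
}

# Succeed if a `ffmpeg -demuxers` listing contains the tty demuxer.
# The name sits in field 2 or 3 depending on how the flag column splits.
has_tty_demuxer() {
    printf '%s\n' "$1" |
        awk '{ for (i = 2; i <= 3; i++) if ($i == "tty") f = 1 } END { exit !f }'
}

# Run against the local binary when one is installed.
if command -v ffmpeg >/dev/null 2>&1; then
    echo "version: $(classify_ffmpeg "$(ffmpeg -version 2>/dev/null)")"
    if has_tty_demuxer "$(ffmpeg -hide_banner -demuxers 2>/dev/null)"; then
        echo "tty demuxer: compiled in"
    else
        echo "tty demuxer: not present"
    fi
fi
```

A "vulnerable" result on a distribution package is worth confirming against the distribution's own advisory, since packagers may backport a fix without changing the upstream version number.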

📡 Detection & Monitoring

Log Indicators:

  • FFmpeg segmentation faults when processing HLS files
  • Unusual file access patterns in media processing logs

Network Indicators:

  • Unexpected outbound connections from media processing servers
  • Unusual data transfers following HLS file processing

SIEM Query:

source="ffmpeg.log" AND ("segmentation fault" OR "invalid input")
