AttackFeed by Joe Wagner | FFmpeg 7.0+ LADSPA Filter Arbitrary Shared Object Loading via Unsanitized Environment Variables  - Full Disclosure

FFmpeg 7.0+ LADSPA Filter Arbitrary Shared Object Loading via Unsanitized Environment Variables  – Full Disclosure

Posted on By Joe-W
Alert Feeds

 

Posted by Ron E on Sep 08

The ladspa audio filter implementation (libavfilter/af_ladspa.c) in FFmpeg
allows unsanitized environment variables to influence dynamic library
loading. Specifically, the filter uses getenv(“LADSPA_PATH”) and
getenv(“HOME”) when resolving the plugin shared object (.so) name provided
through the file option. These values are concatenated into a filesystem
path and passed directly into dlopen() without validation or…
 – Read More  – Full Disclosure 

You may also like

Alert Feeds
Re: Apple’s A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure & Forensic Log Loss  – Full Disclosure
September 10, 2025
Alert Feeds
Submission of Critical Firmware Parameters – PCIe HCA Cards  – Full Disclosure
September 8, 2025
Alert Feeds
Malvuln – MISP compatible malware vulnerability intelligence feed now live  – Full Disclosure
October 21, 2025
Alert Feeds
[tool] CRSprober  – Full Disclosure
August 18, 2025
AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.