FFmpeg SSRF & Protocol Smuggling via HTTP-to-RTSP Redirection (libavformat) | (CVE-Pending)

1. Vulnerability Overview

Product: FFmpeg
Vulnerable Component: libavformat (http.c)
Vulnerability Type: Server-Side Request Forgery (SSRF) / Protocol Smuggling / CWE-918 / CWE-436
Affected Versions: All versions prior to Git commit b9227d49eabce4e54b2dedf60ec23a96d74ba16a (including 7.1 and older).
Discoverer: BapToutatis (via YesWeHack)

Summary