Advisory 2024-03/04 FFmpeg Vulnerabilities


Vulnerability typesExecution of arbitrary code, denial of service
Severity factors

These vulnerabilities have CVSS severity ratings of 7.5 high to 9.8 critical.

FileCloud is updating FFmpeg, a WebDRM dependency, to version 6.1.1 to fix this vulnerability.

Versions affectedFileCloud version 23.232 is affected.
Version fixedFileCloud version 23.232.1 and later


Description

An FFmpeg vulnerability could enable execution of arbitrary code or a denial of service attack.

Fix

FileCloud version 23.232.1.24856 upgrades FFmpeg to version 6.1.1, which does not include this vulnerability.

What you should do to fix this vulnerability

  • If you are using FileCloud Server version 23.232, we recommended that you update to the latest version, which is 23.232.1.24856 or greater. 
  • If you are using FileCloud Online, your site has already been updated to the latest version.

If you have any questions about this advisory, please contact FileCloud support.