Search for vulnerabilities
Vulnerability details: VCID-a4su-jd5k-2yeb
Vulnerability ID VCID-a4su-jd5k-2yeb
Aliases CVE-2023-6601
Summary A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.
Status Published
Exploitability 0.5
Weighted Severity 4.2
Risk 2.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
System Score Found at
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2023-6601
cvssv3.1 4.7 https://bugzilla.redhat.com/show_bug.cgi?id=2253172
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2253172
cvssv3.1 3.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-6601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6601
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
CVE-2023-6601 https://nvd.nist.gov/vuln/detail/CVE-2023-6601
show_bug.cgi?id=2253172 https://bugzilla.redhat.com/show_bug.cgi?id=2253172
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2253172
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:07:37Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2253172
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.13843
EPSS Score 0.00046
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:39:17.766168+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/6xxx/CVE-2023-6601.json 37.0.0