CVE-2023-6605 is a vulnerability identified in FFmpeg version 2.0 related to its handling of DASH (Dynamic Adaptive Streaming over HTTP) playlists. The flaw arises from improper control of resource identifiers, specifically allowing resource injection via maliciously crafted DASH playlists. When FFmpeg processes such a playlist, it can be tricked into issuing arbitrary HTTP GET requests to URLs specified by an attacker. This behavior stems from insufficient validation or sanitization of URLs within the playlist, enabling an attacker to leverage the victim machine's network privileges to perform unintended HTTP requests. The vulnerability has a CVSS 3.1 base score of 7.2, indicating high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a scope change (S:C). The impact includes limited confidentiality and integrity loss, as attackers can potentially gather information about the internal network or influence external systems by proxying requests through the vulnerable host. There is no direct impact on availability or code execution. No known exploits have been reported in the wild yet. The vulnerability was published on January 6, 2025, and assigned by Fedora. The affected version is FFmpeg 2.0, a widely used multimedia framework for processing video and audio streams, including in media production, streaming platforms, and content delivery networks.

For European organizations, the impact of CVE-2023-6605 can be significant, especially for those relying on FFmpeg for media processing, streaming, or content delivery. Attackers could exploit this vulnerability to perform unauthorized HTTP requests from within the organization's network, potentially bypassing firewall restrictions or network segmentation. This could lead to information disclosure about internal network configurations or allow attackers to reach otherwise inaccessible internal or external resources. Additionally, attackers might use this capability to conduct further attacks such as SSRF (Server-Side Request Forgery), pivoting within the network, or abusing the victim's IP reputation. While the vulnerability does not directly compromise system integrity or availability, the indirect consequences could affect confidentiality and trustworthiness of media processing pipelines. Organizations in sectors like broadcasting, media production, telecommunications, and cloud service providers hosting media services are particularly at risk. The absence of known exploits reduces immediate risk, but the high severity score and ease of exploitation warrant proactive measures.

1. Update FFmpeg to the latest patched version as soon as it becomes available from official sources or trusted package maintainers. 2. If immediate patching is not possible, restrict network access for processes running FFmpeg, using firewall rules or network segmentation to limit outbound HTTP requests. 3. Implement input validation and sanitization on DASH playlists before processing them with FFmpeg, ensuring URLs are from trusted sources or conform to expected patterns. 4. Monitor network traffic originating from FFmpeg processes for unusual or unexpected HTTP requests, using intrusion detection systems or network monitoring tools. 5. Employ application whitelisting or sandboxing techniques to limit the capabilities of FFmpeg processes. 6. Educate developers and system administrators about the risks of processing untrusted media content and enforce strict content ingestion policies. 7. Review and update incident response plans to include scenarios involving resource injection or SSRF-like attacks via media processing tools.