CHBMB 4 Posted 6 hours ago Posted 6 hours ago (edited) With the public announcement of pixelsmash (see CVE report here) Could we get some clarity regarding where we stand with Emby and this vulnerability please? It appears Jellyfin have already fixed it and were notified about t he vulnerability before it was made public, and Plex isn't vulnerable due to their customisation of ffmpeg. I couldn't find any information regarding where Emby sits with regard to this and would appreciate some clarity. Thanks Edited 6 hours ago by CHBMB Improve title 2
Pejamas 63 Posted 3 hours ago Posted 3 hours ago Came here straight after seeing the jellyfin post on reddit expecting to see an update. 1
CHBMB 4 Posted 3 hours ago Author Posted 3 hours ago I've sent a PM to the Emby devs as well, but, whilst it's been read by one of them, no reply as of yet.
CHBMB 4 Posted 1 hour ago Author Posted 1 hour ago Reading here it doesn't sound like Emby got a heads up, and it doesn't sound like a remote code execution can happen on Emby either, like it could on Jellyfin, but an Emby server could be crashed. Less than ideal, but far less worrying than a RCE. They also tested v4.8.11 rather than the current release.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now