CHBMB 6 Posted 11 hours ago Posted 11 hours ago (edited) With the public announcement of pixelsmash (see CVE report here) Could we get some clarity regarding where we stand with Emby and this vulnerability please? It appears Jellyfin have already fixed it and were notified about t he vulnerability before it was made public, and Plex isn't vulnerable due to their customisation of ffmpeg. I couldn't find any information regarding where Emby sits with regard to this and would appreciate some clarity. Thanks Edited 11 hours ago by CHBMB Improve title 1 3
Pejamas 64 Posted 8 hours ago Posted 8 hours ago Came here straight after seeing the jellyfin post on reddit expecting to see an update. 2
CHBMB 6 Posted 8 hours ago Author Posted 8 hours ago I've sent a PM to the Emby devs as well, but, whilst it's been read by one of them, no reply as of yet.
CHBMB 6 Posted 7 hours ago Author Posted 7 hours ago Reading here it doesn't sound like Emby got a heads up, and it doesn't sound like a remote code execution can happen on Emby either, like it could on Jellyfin, but an Emby server could be crashed. Less than ideal, but far less worrying than a RCE. They also tested v4.8.11 rather than the current release.
cowdoy 0 Posted 55 minutes ago Posted 55 minutes ago Yeah I would love to see some sort of communication from the team about this. Doesn't make me feel great about running this on my system.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now