Lucene search
K

7 matches found

OSV
OSV
added 2017/06/28 6:29 a.m.4 views

UBUNTU-CVE-2017-9993

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data...

7.5CVSS7.2AI score0.16437EPSS
Exploits5References4
OSV
OSV
added 2017/06/28 6:29 a.m.3 views

ALPINE-CVE-2017-9993

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data...

7.5CVSS6.9AI score0.16437EPSS
Exploits5References1
Prion
Prion
added 2017/06/28 6:29 a.m.27 views

Code injection

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data...

5CVSS6.9AI score0.16437EPSS
Exploits5References5Affected Software2
OSV
OSV
added 2017/06/28 6:29 a.m.4 views

DEBIAN-CVE-2017-9993

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data...

7.5CVSS6.9AI score0.16437EPSS
Exploits5References1
CVE
CVE
added 2017/06/28 6:0 a.m.127 views

CVE-2017-9993

FFmpeg vulnerability CVE-2017-9993 allows reading arbitrary files via crafted HLS playlists by not properly restricting HTTP Live Streaming filename extensions and demuxer names. Affected are FFmpeg releases prior to 2.8.12, 3.0.x (3.0.0–3.0.x with 3.1.x before 3.1.9), 3.2.x before 3.2.6, and 3.3...

7.5CVSS6.7AI score0.16437EPSS
Exploits5References5Affected Software1
Debian CVE
Debian CVE
added 2017/06/28 6:0 a.m.25 views

CVE-2017-9993

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data...

7.5CVSS7.6AI score0.16437EPSS
Exploits5
CNVD
CNVD
added 2017/06/28 12:0 a.m.6 views

Ffmpeg Arbitrary File Read Vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg because the program fails to properly restrict HTTP Live Streaming filename extensions and demuxer names. The vulnerability can be exploited to rea...

7.5CVSS6.8AI score0.16437EPSS
Exploits5References1
Rows per page
Query Builder