7 matches found
UBUNTU-CVE-2017-9993
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data...
ALPINE-CVE-2017-9993
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data...
Code injection
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data...
DEBIAN-CVE-2017-9993
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data...
CVE-2017-9993
FFmpeg vulnerability CVE-2017-9993 allows reading arbitrary files via crafted HLS playlists by not properly restricting HTTP Live Streaming filename extensions and demuxer names. Affected are FFmpeg releases prior to 2.8.12, 3.0.x (3.0.0–3.0.x with 3.1.x before 3.1.9), 3.2.x before 3.2.6, and 3.3...
CVE-2017-9993
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data...
Ffmpeg Arbitrary File Read Vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg because the program fails to properly restrict HTTP Live Streaming filename extensions and demuxer names. The vulnerability can be exploited to rea...