Security Advisory

CVE-2017-9993

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-06-28 06:00:00

Last updated 2024-08-05 17:25:00

Assigner mitre

State PUBLISHED

Description

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.

← Browse all CVEs View on cve.org ↗