CVE-2017-9993 in FFmpeginfo

Summary

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.

Reservation

06/28/2017

Disclosure

06/28/2017

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
102891	FFmpeg HTTP Live Streaming Filename Extension Name information disclosure	200	Not defined	Official fix	CVE-2017-9993

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!