Arbitrary File Read Vulnerability in FFmpeg
CVE-2017-9993 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.
Learn more about our Web Application Penetration Testing UK.