Arbitrary File Read Vulnerability in FFmpeg

Arbitrary File Read Vulnerability in FFmpeg

CVE-2017-9993 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.

Learn more about our Web Application Penetration Testing UK.