CVE-2017-9993

Published: 2017-06-28T06:29Z

Last Modified: 2024-11-21T03:37Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt