NuytsTech Security

CVE-2017-9993

by ·

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.

Date published : 2017-06-28

http://www.securityfocus.com/bid/99315

http://www.debian.org/security/2017/dsa-3957

Tags: