ALPINE-CVE-2017-9993 PUBLISHED CVSS 7.5 HIGH

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.

Risk Scores

CVSS v3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor       Product  Versions
Alpine:v3.5  ffmpeg   2.6.3-r0, 3.1.7-r0, 3.1.6-r0
Alpine:v3.6  ffmpeg   3.2.4-r1, 1.2.2-r0, 1.2.4-r0
Alpine:v3.4  ffmpeg   3.0.7-r0, 3.0.2-r1, 3.0.2-r0
