Ffmpeg » Ffmpeg : Security Vulnerabilities, CVEs, Published In 2017 (Information Leak) CVSS score >= 3
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.
Max CVSS
7.5
EPSS Score
0.47%
Published
2017-06-28
Updated
2019-03-26
1 vulnerabilities found