FFmpeg prior to 2.8.12, 3.0.x and 3.1.x prior to 3.1.9, 3.2.x prior to 3.2.6, and 3.3.x prior to 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows malicious users to read arbitrary files via crafted playlist data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ffmpeg ffmpeg |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |