VYPR
High severity7.5NVD Advisory· Published Jun 28, 2017· Updated Jun 17, 2026

CVE-2017-9993

CVE-2017-9993

Description

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • FFmpeg/Ffmpeg2 versions
    cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*range: <2.8.12
    • (no CPE)range: <2.8.12, >=3.0 <3.1.9, >=3.2 <3.2.6, >=3.3 <3.3.2
  • Debian/linux2 versions
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.