Lucene search

K

PRIOn knowledge basePRION:CVE-2017-9993

HistoryJun 28, 2017 - 6:29 a.m.

Code injection

2017-06-2806:29:00

PRIOn knowledge base

www.prio-n.com

8

6.9 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.7%

FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq9.0
ffmpeglt2.8.12
ffmpegge3.2
ffmpeglt3.2.6
ffmpegge3.3
ffmpeglt3.3.2
ffmpegge3.0
ffmpeglt3.1.9

References

www.debian.org/security/2017/dsa-3957

www.securityfocus.com/bid/99315

github.com/FFmpeg/FFmpeg/commit/189ff4219644532bdfa7bab28dfedaee4d6d4021

github.com/FFmpeg/FFmpeg/commit/a5d849b149ca67ced2d271dc84db0bc95a548abb

lists.debian.org/debian-lts-announce/2019/01/msg00006.html

6.9 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.7%

Related for PRION:CVE-2017-9993

alpinelinux1 debiancve1 cvelist1 veracode1 ubuntucve1 cve1 osv3 nvd1 debian3 nessus2 openvas3 mageia1