Описание
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 7:3.2.6-1 |
| bionic | not-affected | 7:3.2.6-1 |
| cosmic | not-affected | 7:3.2.6-1 |
| devel | not-affected | 7:3.2.6-1 |
| disco | not-affected | 7:3.2.6-1 |
| esm-apps/bionic | not-affected | 7:3.2.6-1 |
| esm-apps/focal | not-affected | 7:3.2.6-1 |
| esm-apps/jammy | not-affected | 7:3.2.6-1 |
| esm-apps/noble | not-affected | 7:3.2.6-1 |
| esm-apps/xenial | released | 7:2.8.14-0ubuntu0.16.04.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | needed | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6 ...
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3