Thierry Foucu

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions prior to 2.8.12 FFmpeg versions 3.0.x and 3.1.x prior to 3.1.9 FFmpeg versions 3.2.x prior to 3.2.6 FFmpeg versions 3.3.x prior to 3.3.2 **Description** The issue allows attackers to read arbitrary files via crafted playlist data due to improper restriction of HTTP Live Streaming filename extensions and demuxer names. **Recommendations** For FFmpeg versions prior to 2.8.12, update to version 2.8.12 or later. For FFmpeg versions 3.0.x and 3.1.x prior to 3.1.9, update to version 3.1.9 or later. For FFmpeg versions 3.2.x prior to 3.2.6, update to version 3.2.6 or later. For FFmpeg versions 3.3.x prior to 3.3.2, update to version 3.3.2 or later.