Opened 4 years ago

Closed 4 years ago

#8978 closed defect (duplicate)

ffmpeg dependency security bug

Reported by: fastfading Owned by:
Priority: normal Component: undetermined
Version: git-master Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Current ffmpeg version 4.3.1
ffmpeg version 4.3.1-static https://johnvansickle.com/ffmpeg/ Copyright (c) 2000-2020 the FFmpeg developers

built with gcc 8 (Debian 8.3.0-6)
configuration: --enable-gpl --enable-version3 --enable-static --disable-debug --disable-ffplay --disable-indev=sndio --disable-outdev=sndio --cc=gcc --enable-fontconfig --enable-frei0r --enable-gnutls --enable-gmp --enable-libgme --enable-gray --enable-libaom --enable-libfribidi --enable-libass --enable-libvmaf --enable-libfreetype --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-librubberband --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libvorbis --enable-libopus --enable-libtheora --enable-libvidstab --enable-libvo-amrwbenc --enable-libvpx --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libdav1d --enable-libxvid --enable-libzvbi --enable-libzimg

depend on 3rd party
Lib Bug ID Version Latest Known Version
openjpeg CVE-2016-7163 2.3.1 2.3.1
libpng CVE-2019-7317 1.6.36 1.6.37
bzip2 CVE-2019-12900 1.0.6 1.0.8
expat CVE-2019-15903 2.2.6 2.2.10
alsa CVE-2019-13351 1.0.17

These 3rd party libs all have security bugs.
you can google CVE bug id for detail easily.
For Example https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7163
Please upgrade these libs to newest version to fix that.

Change History (1)

comment:1 by mkver, 4 years ago

Priority: importantnormal
Resolution: duplicate
Status: newclosed

Duplicate of #8973.

Note: See TracTickets for help on using tickets.