Opened 3 years ago

Closed 3 years ago

#8979 closed defect (duplicate)

ffmpeg dependency security bug

Reported by: fastfading
Owned by:
Priority: normal
Component: undetermined
Version: git-master
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Current ffmpeg version 4.3.1
ffmpeg version 4.3.1-static https://johnvansickle.com/ffmpeg/ Copyright (c) 2000-2020 the FFmpeg developers

built with gcc 8 (Debian 8.3.0-6)
configuration: --enable-gpl --enable-version3 --enable-static --disable-debug --disable-ffplay --disable-indev=sndio --disable-outdev=sndio --cc=gcc --enable-fontconfig --enable-frei0r --enable-gnutls --enable-gmp --enable-libgme --enable-gray --enable-libaom --enable-libfribidi --enable-libass --enable-libvmaf --enable-libfreetype --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-librubberband --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libvorbis --enable-libopus --enable-libtheora --enable-libvidstab --enable-libvo-amrwbenc --enable-libvpx --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libdav1d --enable-libxvid --enable-libzvbi --enable-libzimg

Depends on 3rd-party libs:
Lib Bug ID Version Latest Known Version
openjpeg CVE-2016-7163 2.3.1 2.3.1
libpng CVE-2019-7317 1.6.36 1.6.37
bzip2 CVE-2019-12900 1.0.6 1.0.8
expat CVE-2019-15903 2.2.6 2.2.10
alsa CVE-2019-13351 1.0.17

These 3rd-party libs all have security bugs.
You can easily google the CVE bug ID for details.
For example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7163
Please upgrade these libs to the newest version to fix that.

Change History (1)

comment:1 by mkver, 3 years ago

Priority: important → normal
Resolution: duplicate
Status: new → closed

Duplicate of #8973.
