[FFmpeg-trac] #8974(undetermined:new): ffmpeg dependency security bug
FFmpeg
trac at avcodec.org
Thu Nov 12 09:49:16 EET 2020
#8974: ffmpeg dependency security bug
-------------------------------------+-------------------------------------
Reporter: fastfading | Type: defect
Status: new | Priority: important
Component: undetermined | Version: git-master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Current ffmpeg version 4.3.1
ffmpeg version 4.3.1-static https://johnvansickle.com/ffmpeg/ Copyright
(c) 2000-2020 the FFmpeg developers
built with gcc 8 (Debian 8.3.0-6)
configuration: --enable-gpl --enable-version3 --enable-static --disable-debug
--disable-ffplay --disable-indev=sndio --disable-outdev=sndio
--cc=gcc --enable-fontconfig --enable-frei0r --enable-gnutls --enable-gmp
--enable-libgme --enable-gray --enable-libaom --enable-libfribidi
--enable-libass --enable-libvmaf --enable-libfreetype --enable-libmp3lame
--enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg
--enable-librubberband --enable-libsoxr --enable-libspeex --enable-libsrt
--enable-libvorbis --enable-libopus --enable-libtheora --enable-libvidstab
--enable-libvo-amrwbenc --enable-libvpx --enable-libwebp --enable-libx264
--enable-libx265 --enable-libxml2 --enable-libdav1d --enable-libxvid
--enable-libzvbi --enable-libzimg
Depends on 3rd party:
Lib       Bug ID          Version  Latest Known Version
openjpeg  CVE-2016-7163   2.3.1    2.3.1
libpng    CVE-2019-7317   1.6.36   1.6.37
bzip2     CVE-2019-12900  1.0.6    1.0.8
expat     CVE-2019-15903  2.2.6    2.2.10
alsa      CVE-2019-13351  1.0.17
These 3rd party libs all have security bugs.
You can easily google the CVE bug ID for details.
For example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7163
Please upgrade these libs to the newest version to fix that.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8974>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker