[FFmpeg-user] ffmpeg 4.4.1 security issue
Carl Eugen Hoyos
ceffmpeg at gmail.com
Sun Jan 9 12:19:17 EET 2022
Am Do., 6. Jan. 2022 um 14:13 Uhr schrieb Dama, Nikhil via ffmpeg-user
<ffmpeg-user at ffmpeg.org>:
> My security team denied the download of the package, and here is the
> following explanation that they gave:
> DOWNLOAD DENIED: Muliple known vulnerabilities like CVE-2021-38171
Because of the extreme reaction by your security team it should really
be noted that if this CVE allows code execution (I don't know) only you (as
the person who starts ffmpeg) can use the vulnerability to take over your
system (with your user rights)...
Carl Eugen
More information about the ffmpeg-user
mailing list