CVEs affecting ffmpeg 4.4.1 #2051

Open
colin-pm opened this issue Jan 2, 2025 · 2 comments

colin-pm commented Jan 2, 2025

Hello,

After running cve-check on the Kirkstone branch, several CVEs have been identified with ffmpeg 4.4.1.

I've experimented with applying the patches for these CVEs to ffmpeg 4.4.1. All of the patches have merge conflicts. Four of the CVE patches do not even appear to apply to files that exist in 4.4.1, meaning the CVE might not exist on 4.4.1, or is hidden somewhere else in the code. Upgrading ffmpeg might be the better solution, but 1c6c0f6 indicates there is a blocker from being able to upgrade ffmpeg. Will this be resolved so a newer version of ffmpeg can be used?

otavio (Member) commented Jan 2, 2025

I don't expect this to be worked on in the Kirkstone branch, as there is a new version already included in the new Scarthgap release.

colin-pm (Author) commented Jan 3, 2025

This appears to affect the newest release as well, which also includes ffmpeg 4.4.1.
