All,

Apologies in advance if this is not the correct forum. We're currently
using FFmpeg in a production application, and our infosec folks have
flagged it as a vulnerability.

https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726

a) has anyone applied and implemented this patch in an upcoming version of
FFmpeg?
b) has anyone had to deal with mitigating this vulnerability in your
production application, and can point us to a solution that doesn't force
us to compromise functionality?

CVE details: https://nvd.nist.gov/vuln/detail/CVE-2020-12284

Private or public replies are welcome.

Thanks!


*Patrick Watts <http://about.me/patrickwatts>*Lead Business Analyst
LifeWay Christian Resources
(615) 251-5793
Twitter: @patrickwatts <http://twitter.com/patrickwatts>


*We serve the Church in Her mission of making disciples.*
*FREE resources from LifeWay for your church:*
https://lifeway.com/coronavirus



*Download a free sample at https://vbs.lifeway.com/free-sample/
<https://vbs.lifeway.com/free-sample/>*
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to