CVE-2023-5217 - update ffmpeg

arthenica / ffmpeg-kit

FFmpeg Kit for applications. Supports Android, Flutter, iOS, Linux, macOS, React Native and tvOS. Supersedes MobileFFmpeg, flutter_ffmpeg and react-native-ffmpeg.

https://arthenica.github.io/ffmpeg-kit

GNU Lesser General Public License v3.0

4.52k stars 603 forks source link

CVE-2023-5217 - update ffmpeg #1050

Open licaon-kter opened 1 month ago

licaon-kter commented 1 month ago

ref: https://www.openwall.com/lists/oss-security/2023/09/28/5

tanersener commented 3 weeks ago

I've marked this as enhancement since there is a new libvpx version. However, I don't believe this bug impacts either FFmpeg or FFmpegKit. Chromium developers have noted that Going from threaded to non-threaded would cause a crash, but as far as I know, this situation isn’t possible in FFmpeg.