brarcher / video-transcoder

Android app for video and audio transcoder, based on FFmpeg
GNU General Public License v3.0

Create SECURITY.md #101

Closed brarcher closed 6 years ago

licaon-kter commented 6 years ago

Why is this needed?🤷

brarcher commented 6 years ago

You must be watching my pull requests very closely to have found this so soon. (:

This is part of an effort in all of my apps to find and resolve any security issues, if they exist. On one side, I'm adding the Snyk App to my GitHub projects, which checks if a dependency has known security vulnerabilities (CVEs). That should help flag potential issues. However, it is still possible there is a bug in the ffmpeg binary used or one of its dependencies which, if exploited, in the worst case could result in arbitrary code execution when attempting to encode a video. I think the damage from such an inflicted attack would be limited by Android's own protection model.

Generally, because this app does not connect to the Internet, if there were a security vulnerability it would have low impact. However, if someone were to find an issue, I wanted it to be more clear how they should report it. Let me know if it is not clear.

licaon-kter commented 6 years ago

I watch the repo, hence... :eyes:

Thanks for the info

brarcher commented 6 years ago

Oh. I've never noticed the watch setting before now. That makes more sense. (:

licaon-kter commented 6 years ago

You get notified for issues, PRs, and your main feed has the repo commits too.