We use Ostorlab to scan our application built with Flutter and found a high-risk issue:
Android:
Dependency libvpx: libvpx is a free software video codec library from Google and the Alliance for Open Media. It serves as the reference software implementation for the VP8 and VP9 video coding formats, and for AV1 a special fork named libaom that was stripped of backwards compatibility.
Dependency libvpx version 1.9.0 was detected at config.arm64_v8a-1046000.apk/lib/arm64-v8a/libjingle_peerconnection_so.so and suffers from the following vulnerabilities:
CVE-2023-44488: VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
iOS:
Dependency libvpx: libvpx is a free software video codec library from Google and the Alliance for Open Media. It serves as the reference software implementation for the VP8 and VP9 video coding formats, and for AV1 a special fork named libaom that was stripped of backwards compatibility.
Dependency libvpx version 1.9.0 was detected at Payload/Runner.app/Frameworks/WebRTC.framework/WebRTC and suffers from the following vulnerabilities:
CVE-2023-44488: VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
Do you have a plan to upgrade the lib in the next WebRTC version releases?
We've merged in a cherry-pick here that pulls in a later version of libvpx. However, the version strings did not update due to the way this was merged.
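Added example, not part of the thread and not Ostorlab's or the WebRTC project's code: a sketch of how a binary scanner can fingerprint libvpx from an embedded version string, which is why a build carrying a cherry-picked fix but an unchanged 1.9.0 string is still flagged for CVE-2023-44488. The marker format, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re

# Assumed marker: libvpx codec interface names of the form
# "WebM Project VP9 Encoder v1.9.0". The scanner's real signature is not on the page.
VPX_MARKER = re.compile(
    rb"WebM Project VP[89] (?:Encoder|Decoder) v(\d+)\.(\d+)\.(\d+)"
)
FIXED_IN = (1, 13, 1)  # CVE-2023-44488 affects "libvpx before 1.13.1"


def embedded_versions(blob: bytes) -> set:
    """Return every libvpx version tuple found in the binary's string data."""
    return {tuple(int(g) for g in m.groups()) for m in VPX_MARKER.finditer(blob)}


def triage(blob: bytes, fix_backported: bool = False) -> str:
    """Classify a binary the way a version-string matcher would.

    fix_backported is set by the analyst when the vendor states that the
    patch was cherry-picked without bumping the embedded version string.
    """
    versions = embedded_versions(blob)
    if not versions:
        return "unknown"  # no marker found: cannot decide from strings alone
    # Compare numerically: as text, "1.9.0" sorts after "1.13.1".
    if min(versions) >= FIXED_IN:
        return "not-affected"
    # The string says vulnerable, but the string is not the code.
    return "verify-source" if fix_backported else "flagged"


# Constructed sample bytes standing in for libjingle_peerconnection_so.so.
SAMPLE_OLD_STRING = (
    b"\x7fELF\x00\x00WebM Project VP8 Decoder v1.9.0\x00"
    b"WebM Project VP9 Encoder v1.9.0\x00\x00"
)
SAMPLE_NEW_STRING = b"\x00WebM Project VP9 Encoder v1.13.1\x00"

if __name__ == "__main__":
    print(triage(SAMPLE_OLD_STRING))                       # what the scan reports
    print(triage(SAMPLE_OLD_STRING, fix_backported=True))  # after the vendor reply
    print(triage(SAMPLE_NEW_STRING))
```

A "verify-source" result means the finding should be closed only after confirming that the patched code is actually present in the build, not on the strength of the version string.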