[FFmpeg-devel] sws support xyz input floors MS Antivirus Program

Jan Ehrhardt phpdev at ehrhardt.nl
Mon May 6 14:06:23 CEST 2013

Nicolas George in gmane.comp.video.ffmpeg.devel (Mon, 6 May 2013
11:45:31 +0200):
>If anything, providing ffmpeg binaries that trigger it is best, because it
>will trigger it harmlessly (the service crashes, it does not get exploited)
>and convince people to disable it until microsoft publishes a fix.

Of course, it is his call. But it would not be my choice. I regularly
build PHP myself and make those builds available through sites like
Apachelounge. If I knew that a PHP-component could trigger this
vulnerability, I would disable that component and clearly state why I
did such. Even though ffmpeg in it self does not have a security risk,
there is always a chance that making MSE crash gives other attackers
golden opportunities.

To some users it might not even be clear what causes the MSE-crash. You
do not have to run FFmpeg.exe, just the (background!) scan by MSE is
enough. I am no average user, but it took me a while to realise that the
crashes of MSE were caused by building FFmpeg.exe.


More information about the ffmpeg-devel mailing list