[FFmpeg-devel] Open pull request to mitigate CVE-2020-12284 buffer overflow

Patrick Watts patrick.watts at lifeway.com
Mon May 18 16:59:43 EEST 2020


All,

Apologies in advance if this is not the correct forum. We're currently
using FFmpeg in a production application, and our infosec folks have
flagged it as a vulnerability.

https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726

a) Has anyone applied and implemented this patch in an upcoming version of
FFmpeg?
b) Has anyone had to deal with mitigating this vulnerability in your
production application, and can point us to a solution that doesn't force
us to compromise functionality?

CVE details: https://nvd.nist.gov/vuln/detail/CVE-2020-12284

Private or public replies are welcome.

Thanks!


*Patrick Watts <http://about.me/patrickwatts>*
Lead Business Analyst
LifeWay Christian Resources
(615) 251-5793
Twitter: @patrickwatts <http://twitter.com/patrickwatts>

