[FFmpeg-devel] Open pull request to mitigate CVE-2020-12284 buffer overflow
Paul B Mahol
onemda at gmail.com
Mon May 18 23:46:34 EEST 2020
Already asked and answered several times.
On 5/18/20, Patrick Watts <patrick.watts at lifeway.com> wrote:
> All,
>
> Apologies in advance if this is not the correct forum. We're currently
> using FFmpeg in a production application, and our infosec folks have
> flagged it as a vulnerability.
>
> https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726
>
> a) has anyone applied and implemented this patch in an upcoming version of
> FFmpeg?
> b) has anyone had to deal with mitigating this vulnerability in your
> production application, and can point us to a solution that doesn't force
> us to compromise functionality?
>
> CVE details: https://nvd.nist.gov/vuln/detail/CVE-2020-12284
>
> Private or public replies are welcome.
>
> Thanks!
>
>
> *Patrick Watts <http://about.me/patrickwatts>*Lead Business Analyst
> LifeWay Christian Resources
> (615) 251-5793
> Twitter: @patrickwatts <http://twitter.com/patrickwatts>
>
>
> *We serve the Church in Her mission of making disciples.*
> *FREE resources from LifeWay for your church:*
> https://lifeway.com/coronavirus
>
>
>
> *Download a free sample at https://vbs.lifeway.com/free-sample/
> <https://vbs.lifeway.com/free-sample/>*
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list