[FFmpeg-user] ffmpeg 4.4.1 security issue

Carl Eugen Hoyos ceffmpeg at gmail.com
Sun Jan 9 12:19:17 EET 2022


Am Do., 6. Jan. 2022 um 14:13 Uhr schrieb Dama, Nikhil via ffmpeg-user
<ffmpeg-user at ffmpeg.org>:

> My security team denied the download of the package, and here is the
> following explanation that they gave:
> DOWNLOAD DENIED: Muliple known vulnerabilities like CVE-2021-38171

Because of the extreme reaction by your security team it should really
be noted that if this CVE allows code execution (I don't know) only you (as
the person who starts ffmpeg) can use the vulnerability to take over your
system (with your user rights)...

Carl Eugen


More information about the ffmpeg-user mailing list