[Libav-user] WebP library vulnerability in ffmpeg
Kumar, Rahul
Rahul.Kumar8 at Honeywell.com
Wed Oct 18 14:38:03 EEST 2023
Hi Team,
we are using ffmpeg 5.0.1 libraries in our application. Recently vulnerabilities has been reported in WebP library . And looks like Ffmpeg also uses WebP library https://github.com/FFmpeg/FFmpeg/blob/n6.0/libavcodec/webp.c .
https://www.cve.org/CVERecord?id=CVE-2023-4863
https://security.snyk.io/vuln/SNYK-UNMANAGED-CHROMIUM-5892808
https://security.snyk.io/vuln/SNYK-UNMANAGED-WEBMPROJECTLIBWEBP-5918283
It says libwebp 1.3.2 is affected . Can you let us know which version of libwebp we are using in Ffmpeh 5.0.1 ?
Can someone confirm if ffmpeg 5.0.1 is also affected by this vulnerability ? And when is it expected to get fix for this vulnerability in ffmpeg ?
Regards,
Rahul K
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://ffmpeg.org/pipermail/libav-user/attachments/20231018/d353b90e/attachment.htm>
More information about the Libav-user
mailing list