Hi Team, we are using ffmpeg 5.0.1 libraries in our application. Recently vulnerabilities has been reported in WebP library . And looks like Ffmpeg also uses WebP library https://github.com/FFmpeg/FFmpeg/blob/n6.0/libavcodec/webp.c . https://www.cve.org/CVERecord?id=CVE-2023-4863 https://security.snyk.io/vuln/SNYK-UNMANAGED-CHROMIUM-5892808 https://security.snyk.io/vuln/SNYK-UNMANAGED-WEBMPROJECTLIBWEBP-5918283
It says libwebp 1.3.2 is affected . Can you let us know which version of libwebp we are using in Ffmpeh 5.0.1 ? Can someone confirm if ffmpeg 5.0.1 is also affected by this vulnerability ? And when is it expected to get fix for this vulnerability in ffmpeg ? Regards, Rahul K
_______________________________________________ Libav-user mailing list [email protected] https://ffmpeg.org/mailman/listinfo/libav-user To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
