These libraries are only used for encoding in FFmpeg, removing them from FFmpeg
will not reduce the chance for an exploit:
libshine
libspeex
libwavpack
libtwolame
libtheora
libwebp
All other libraries in your list are not the default decoders for any input
file, I am not convinced they can be used to exploit issues using FFmpeg or any
media player using libavcodec.
Note that as long as these libraries are used by any application in Ubuntu,
removing them from FFmpeg will not likely reduce the general chance for an
exploit.
So if you feel that libopenjp2 is likely susceptible for security issues, you
should vote for its complete removal from Ubuntu, not necessarily from FFmpeg
in Ubuntu.
Finally, note that in the past (year), Ubuntu had troubles updating FFmpeg
releases, indicating FFmpeg in Ubuntu was vulnerable to known issues (while I
assume your list is about theoretical exploits), so if you want to invest time
in increasing FFmpeg security in Ubuntu, you should consider helping the
packagers.
(I am tempted to point you to known unfixed security issues concerning
libavcodec in past but maintained Ubuntu releases but it may be better not to
fan the flames here.)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1653782
Title:
remove / compile without libschroedinger, libtheora, libspeex, ...
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1653782/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs