Need confirmation for some unpatched CVE in FFmpeg #404

Open
the-Chain-Warden-thresh opened this issue Oct 31, 2023 · 0 comments

Comments

@the-Chain-Warden-thresh

I'm cloning this repo to make some modifications to customize it. However, I've noticed that some CVEs which were confirmed and fixed by FFmpeg have not been patched in this repo. To enhance the availability of my project as far as possible, I would appreciate it if you could confirm whether any of the CVEs below exist in this repo as well, so that I can fix these security issues myself by applying the corresponding patch.
Here are the CVEs I found unpatched in this repo but fixed in FFmpeg:

CVE-2020-20453 in SmallVideoRecord2/SmallVideoLib2/ffmpeg-3.2.5/libavcodec/aacenc.c's function static int aac_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, const AVFrame *frame, int *got_packet_ptr), with patch here for your reference.

CVE-2020-20446 in SmallVideoRecord2/SmallVideoLib2/ffmpeg-3.2.5/libavcodec/aacpsy.c's function static void psy_3gpp_analyze_channel(FFPsyContext *ctx, int channel, const float *coefs, const FFPsyWindowInfo *wi), with patch here for your reference.
