ffmpeg version 4.0.0 has known vulnerabilities

arsalan99 · Postby **arsalan99** » 19 Aug 2024 19:36

Hello,
I am using your MobileVLCKit SDK version 4.0.0a1,
I found out that ffmpeg version in VLCKit is 4.0.0 which has vulnerabilities.
Is it possible to update 4.0.0a1 of MobileVLCKit with ffmpeg vulnerability fixes (update ffmpeg) only?

Thank you,

Postby **fkuehne** » 22 Aug 2024 20:06

You can use 4.0.0a5 of VLCKit now, which should have a more up-to-date FFmpeg. However, using prerelease versions of our software in production is not advised.

arsalan99 · Postby **arsalan99** » 23 Aug 2024 18:48

Thank you,
I also saw that you had a crash on 4.0.0a5: https://code.videolan.org/videolan/VLCKit/-/issues/730

Can you tell me if it was fixed?

Thank you,

Postby **fkuehne** » 23 Aug 2024 18:50

Just search for "VLCKit". We doing a universal package in v4 and later, so "MobileVLCKit" and "TVVLCKit" will go away.

arsalan99 · Postby **arsalan99** » 23 Sep 2024 22:39

Hello,
I tested 4.0.0a5, and I am observing crashes with with handleEvent method when trying to play audio file.
Also I tired to search for more info about it, and I saw others reported about some crashes in 4.0.0a5,
I couldn't find any topics related to the fix, can you tell me if there any other version that has updated FFmpeg without crash?

The VideoLAN Forums

ffmpeg version 4.0.0 has known vulnerabilities

ffmpeg version 4.0.0 has known vulnerabilities

Re: ffmpeg version 4.0.0 has known vulnerabilities

Re: ffmpeg version 4.0.0 has known vulnerabilities

Re: ffmpeg version 4.0.0 has known vulnerabilities

Re: ffmpeg version 4.0.0 has known vulnerabilities

Who is online