Page 1 of 1
ffmpeg version 4.0.0 has known vulnerabilities
Posted: 19 Aug 2024 19:36
by arsalan99
Hello,
I am using your MobileVLCKit SDK version 4.0.0a1,
I found out that ffmpeg version in VLCKit is 4.0.0 which has vulnerabilities.
Is it possible to update 4.0.0a1 of MobileVLCKit with ffmpeg vulnerability fixes (update ffmpeg) only?
Thank you,
Re: ffmpeg version 4.0.0 has known vulnerabilities
Posted: 22 Aug 2024 20:06
by fkuehne
You can use 4.0.0a5 of VLCKit now, which should have a more up-to-date FFmpeg. However, using prerelease versions of our software in production is not advised.
Re: ffmpeg version 4.0.0 has known vulnerabilities
Posted: 23 Aug 2024 18:48
by arsalan99
Thank you,
I also saw that you had a crash on 4.0.0a5:
https://code.videolan.org/videolan/VLCKit/-/issues/730
Can you tell me if it was fixed?
Thank you,
Re: ffmpeg version 4.0.0 has known vulnerabilities
Posted: 23 Aug 2024 18:50
by fkuehne
Just search for "VLCKit". We doing a universal package in v4 and later, so "MobileVLCKit" and "TVVLCKit" will go away.
Re: ffmpeg version 4.0.0 has known vulnerabilities
Posted: 23 Sep 2024 22:39
by arsalan99
Hello,
I tested 4.0.0a5, and I am observing crashes with with handleEvent method when trying to play audio file.
Also I tired to search for more info about it, and I saw others reported about some crashes in 4.0.0a5,
I couldn't find any topics related to the fix, can you tell me if there any other version that has updated FFmpeg without crash?