Potential Vulnerability in Cloned Code#119
Open
tabudz wants to merge 1 commit intolinkingvision:masterfrom
Open
Potential Vulnerability in Cloned Code#119tabudz wants to merge 1 commit intolinkingvision:masterfrom
tabudz wants to merge 1 commit intolinkingvision:masterfrom
Conversation
Loading
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Our tool detected a potential vulnerability in 3rdparty/ffmpeg/libavformat/rmdec.c which was cloned from FFmpeg/FFmpeg but did not receive the security patch applied. The original issue was reported and fixed under https://nvd.nist.gov/vuln/detail/cve-2017-14054.
Proposed Fix
Apply the same patch as the one in FFmpeg/FFmpeg to eliminate the vulnerability.
Reference
https://nvd.nist.gov/vuln/detail/cve-2017-14054
FFmpeg/FFmpeg@124eb20