by plorkyeran 1895 days ago
Running ffmpeg on untrusted input outside of a sandbox you trust to be secure is an extremely bad idea. It doesn't have a good track record for that, and making it safe to use ffmpeg on untrusted input has never been a priority for the project.

In practice things like video hosting services which use ffmpeg internally tend to disable support for most of the obscure file formats to reduce the potential attack surface.
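
An added example, not part of the comment above: a sketch of the format reduction it describes, both at build time (ffmpeg `configure` flags) and at run time on a stock build (libavformat's allowlist options). The demuxer, decoder and protocol allowlists and all function names are assumptions for a hypothetical upload pipeline; this narrows what the sandboxed process can reach and does not replace the sandbox.

```python
import subprocess

# Assumed allowlists for a hypothetical upload pipeline (not from the comment).
ALLOWED_DEMUXERS = ("mov", "matroska")        # MP4/MOV family, MKV/WebM
ALLOWED_DECODERS = ("h264", "vp9", "aac", "opus")
ALLOWED_PROTOCOLS = ("file",)                 # no http, concat, subfile, ...


def configure_flags():
    """Build-time reduction: compile in only the allowlisted input components.

    Encoders, muxers and filters needed for output must be enabled separately.
    """
    flags = ["--disable-everything", "--disable-network"]
    flags += [f"--enable-protocol={p}" for p in ALLOWED_PROTOCOLS]
    flags += [f"--enable-demuxer={d}" for d in ALLOWED_DEMUXERS]
    for codec in ALLOWED_DECODERS:
        flags += [f"--enable-decoder={codec}", f"--enable-parser={codec}"]
    return flags


def probe_args(path):
    """Run-time reduction for a stock build: libavformat allowlist options."""
    return [
        "ffprobe", "-v", "error", "-show_format", "-show_streams",
        "-protocol_whitelist", ",".join(ALLOWED_PROTOCOLS),
        "-format_whitelist", ",".join(ALLOWED_DEMUXERS),
        "-codec_whitelist", ",".join(ALLOWED_DECODERS),
        # "file:" forces the file protocol even if the name contains a colon.
        "-i", "file:" + path,
    ]


def probe(path, timeout=30):
    """Run the restricted probe; intended to be called inside the sandbox."""
    return subprocess.run(probe_args(path), capture_output=True,
                          timeout=timeout, check=False)


if __name__ == "__main__":
    print("./configure " + " ".join(configure_flags()))
    print(" ".join(probe_args("upload.bin")))
```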