|
|
|
|
|
|
by vreg
236 days ago
|
|
|
If that is true then Google should be strictly sandboxing ffmpeg and filtering the input before it even gets there. A solid defense-in-depth approach would make sure it's highly unlikely this vulnerable code would be reached, and if it was, there would be effectively no impact. They should be building ffmpeg with a minimal feature set anyway, so none of these obscure codecs end up included in the final binary. |
|
|