104 points trollied | 1 comments
TheChaplain No.45785676
The comments from the public.. Just wow we are doomed..

To explain, Google's vulnerability scanner found a problem in an obscure decoder for 1990s game files (Lucasfilm Smush). Devs are not happy they get time-wasting reports on stuff that hardly anyone ever uses except an exceptionally tiny group.

Then people start berating them without even knowing the full story...

cebert No.45785704
I could see a compromise where if there are obscure codecs that may not be as secure, FFmpeg would present a warning before loading the file. This way, the user would have the option to decide whether to load the file or not. By default, potentially malicious files would not be loaded, which could prevent them from being used as part of an exploit. This seems like a reasonable compromise.
1. kvemkon No.45785749
> FFmpeg would present a warning

Reminds me of GStreamer plugins being separated into "base", "good", "bad" and "ugly" sets.