←back to thread

FFmpeg dealing with a security researcher

(twitter.com)
104 points trollied | 1 comments | 01 Nov 25 20:59 UTC | HN request time: 0s | source
Show context
cebert ◴[01 Nov 25 21:41 UTC] No.45785659[source]
It looks like the FFmpeg account on X is calling out Google for using AI to mass-report CVEs in obscure volunteer maintained codecs, then expecting unpaid maintainers to rush fixes. Large, profitable firms rely on FFmpeg everywhere, but don’t seem to be contributing much to the project.
replies(4): >>45786257 #>>45786260 #>>45786339 #>>45792437 #
1. socalgal2 ◴[01 Nov 25 23:10 UTC] No.45786339[source]
A quick search of the ffmpeg commit history shows google has made plenty of contributions to ffmpeg. They may or may not provide a patch for this CVE but reporting it is the first step so people can then decide what action to take (like don't compile that codec in for example)