I'm cloning this repo to make some modifications to customize. However, I've noticed that some CVEs which were confirmed and fixed by FFmpeg do not get patched in this repo. To enhance the availability of my project as far as possible, I will appreciate it if any of the CVE below do exist in this repo as well, so that I can fix these security issue myself by applying the corresponding patch.
Here are the CVEs I found in this repo unpatched, but get fixed in FFmpeg:
CVE-2020-20446 in ffmpeg/JNI/ffmpeg/libavcodec/aacpsy.c's function void psy_3gpp_analyze_channel (FFPsyContext *ctx,int channel,const float *coefs,const FFPsyWindowInfo *wi)
, with patch here for your reference.
CVE-2020-35964 in ffmpeg/JNI/ffmpeg/libavformat/vividas.c's function int track_header (VividasDemuxContext *viv,AVFormatContext *s,uint8_t *buf,int size)
, with patch here for your reference.
CVE-2020-22015 in ffmpeg/JNI/ffmpeg/libavformat/movenc.c's function mov_write_video_tag (AVFormatContext *s,AVIOContext *pb,MOVMuxContext *mov,MOVTrack *track)
, with patch here for your reference.
CVE-2020-20453 in ffmpeg/JNI/ffmpeg/libavcodec/aacenc.c's function int aac_encode_frame (AVCodecContext *avctx,AVPacket *avpkt,const AVFrame *frame,int *got_packet_ptr)
, with patch here for your reference.