About vulnerabilities of FFmpeg and Livav for i.MX6 series BSP.

satoshishimoda · ‎02-08-2016

Hi community,

I have a question about i.MX6 series BSP.

Please see the following link, the vulnerability of FFmpeg and Livav were reported.

Vulnerability Note VU#772447 - ffmpeg and Libav cross-domain information disclosure vulnerability

Then, I want to confirm whether i.MX6 BSP includes these vulnerability.

I think all revision of i.MX6 Linux and Android BSP include the vulnerability, right?

Or some BSP avoid the vulnerability?

If some BSP avoid it, would you let me know what BSP revision avoid the proble?

Especially, I want to know about jb4.2.2_1.1.0-ga.

Best Regards,

Satoshi Shimoda

qiang_li-mpu_se · ‎02-16-2016

Hi Satoshi, for NXP Android BSP, the playlist was not handled by ffmpeg and livav, the media player is our own OMX player, so we think this vulnerability has no impact to our BSP.

View solution in original post

qiang_li-mpu_se · ‎02-16-2016

Hi Satoshi, for NXP Android BSP, the playlist was not handled by ffmpeg and livav, the media player is our own OMX player, so we think this vulnerability has no impact to our BSP.

gusarambula · ‎02-17-2016

Thank you, Qiang Li!

About vulnerabilities of FFmpeg and Livav for i.MX6 series BSP.

About vulnerabilities of FFmpeg and Livav for i.MX6 series BSP.

i.MX6_All

i.MX6DL

i.MX6Dual

i.MX6DualPlus6QuadPlus

i.MX6Quad

i.MX6S

i.MX6SL

i.MX6SoloX

i.MX6UL