vulnerability Problems

IMPORTANT: Be sure to replace all template sections {{ like this }} or your issue may be discarded.

Overview

the components in 9.0.0 whl package has many vulnerabilities.

openjpeg 2.3.1 (The latest is 2.4.0 you can upate to 2.4.0 to fix)

CVE-2020-8112  
CVE-2020-27844   
CVE-2020-27823   
CVE-2020-27814   
CVE-2020-6851  
CVE-2020-15389 
CVE-2020-27843  
CVE-2019-12973 
CVE-2020-27841 
CVE-2020-27824
CVE-2020-27845 
CVE-2020-27842 

ffmpeg 4.3.3

CVE-2020-35965
CVE-2021-38291

gnutls 3.6.16

CVE-2021-20232
CVE-2021-20231

libgmp 6.2.1

CVE-2021-43618

wavpack 5.3.0

CVE-2020-35738

Expected behavior

Clear or update some components to the latest one

Investigation

{{ What you did to isolate the problem. }}

Reproduction

{{ Steps to reproduce the behavior. If the problem is media specific, include a link to it. Only send media that you have the rights to. }}

Versions

• OS: linux
• PyAV runtime: 9.0.0

Research

I have done the following:

• Checked the PyAV documentation
• Searched on Google
• Searched on Stack Overflow
• Looked through old GitHub issues
• Asked on PyAV Gitter
• ... and waited 72 hours for a response.