Vulnerability
IMPORTANT: Be sure to replace all template sections {{ like this }} or your issue may be discarded.
Overview
the components in 9.0.2 whl package has many vulnerabilities.
speex 1.2.0
CVE-2020-23903
CVE-2020-23904vorbis 1.3.6 (latest is 1.3.7)
CVE-2018-10392
CVE-2018-10393libass 0.14.0 (latest is 0.15.2)
CVE-2020-26682libxml2 2.9.12 (update to 2.9.13 to fix)
CVE-2022-23308Expected behavior
Clear or update some components to the latest one
Investigation
{{ What you did to isolate the problem. }}
Reproduction
{{ Steps to reproduce the behavior. If the problem is media specific, include a link to it. Only send media that you have the rights to. }}
Versions
- OS: linux
- PyAV runtime: 9.0.2
Research
I have done the following:
-
Checked the PyAV documentation -
Searched on Google -
Searched on Stack Overflow -
Looked through old GitHub issues -
Asked on PyAV Gitter -
... and waited 72 hours for a response.