Announcement

Collapse
No announcement yet.

FFmpeg 6.0 Will Be Big With AV1 Hardware Decoding, Many Other Features

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by schmidtbag View Post
    If you're really that concerned about the safety of your media transcoding, I think you need to reevaluate where you're getting it from.
    Firefox and Chrome use FFmpeg too, and any website I visit can load some invisible video that I might not even see.
    Like: <video src="evil.mp4" height="0" width="0" autoplay muted />

    Even a trusted website can be hacked and changed into do this. Especially with all these third-party JavaScript dependencies, libraries and CDNs.
    Last edited by uid313; 08 February 2023, 05:09 PM.

    Comment


    • #22
      Originally posted by uid313 View Post

      Firefox and Chrome use FFmpeg too, and any website I visit can load some invisible video that I might not even see.
      Like: <video src="evil.mp4" height="0" width="0" autoplay muted />

      Even a trusted website can be hacked and changed into do this. Especially with all these third-party JavaScript dependencies, libraries and CDNs.
      Codecs, decoders and related systems are indeed an interesting vector for exploitation, but I think rewriting them in Rust (especially the vendor specific hardware decoders and the labor intensive software decoders) is not very practical or even necessarily useful.

      Comment

      Working...
      X