Announcement

Collapse
No announcement yet.

VP8/VP9's libvpx 1.13.1 Released Due To A High Severity Vulnerability

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by peterdk View Post
    I expect that in the long run people/companies will require that codecs are written in memory safe languages.
    Or even better, formally proven to be safe (using Prustli for instance).

    Comment


    • #22
      Originally posted by bug77 View Post
      Wait, what? A web page that tells my browser to encode things? Wth? I mean, it's possible, technically, but who really visits page that make them encode video?
      That's what you get when you bake the building blocks for video conferencing into the browser.

      Comment


      • #23
        Originally posted by ssokolow View Post

        That's what you get when you bake the building blocks for video conferencing into the browser.
        But video conferencing would encode your local stream, not something crafted by a 3rd party...
        But the CVE is not about browsers, it's about libvpx encoding something from an html element. Not sure why you'd enable that. At least not by default. Then again, I did not read the whole CVE, maybe it's all explained in there, somewhere.

        Comment


        • #24
          Originally posted by bug77 View Post
          But video conferencing would encode your local stream, not something crafted by a 3rd party...
          But the CVE is not about browsers, it's about libvpx encoding something from an html element. Not sure why you'd enable that. At least not by default. Then again, I did not read the whole CVE, maybe it's all explained in there, somewhere.
          I think they're talking about HTMLCanvasElement.captureStream() and the corresponding methods on the video and audio tags, which were likely intended for stuff like doing OBS-style "Twitch streamer composited into the corner of the footage" compositing in the browser.

          Comment

          Working...
          X