[FFmpeg-devel] [RFC][PATCH] configure: Disable unsafe demuxers by default

Marton Balint cus at passwd.hu
Thu May 10 20:47:58 EEST 2018

On Thu, 10 May 2018, Derek Buitenhuis wrote:

> These demuxers have probes that mainly probe based on file extension,
> and map to codec IDs that render text as video. The result is that
> ffmpeg will, by default, happily render, for example, .txt files
> as images. This is not exactly a good security practice, an only
> makes it easier for potential attackers to gain the contents of
> system files.

Maybe it is better if we simply get rid of the "probing" part, so the user 
would have to explicitly specify the demuxer to use them.


More information about the ffmpeg-devel mailing list