FlatScreen 15 Posted October 5, 2022 Posted October 5, 2022 How do we apply patch, if needed, for CVE-2022-2566? 1
Happy2Play 9780 Posted October 5, 2022 Posted October 5, 2022 @softworkz Since Emby builds their own ffmeg, I believe the devs would have to.
softworkz 5066 Posted October 5, 2022 Posted October 5, 2022 4 hours ago, HSEmbyBox said: How do we apply patch, if needed, for CVE-2022-2566? Thanks for the hint! The patch will be included in ffmpeg shipped with the next Emby beta. The current Emby stable releases are based on ffmpeg 5.0 and are unaffected. 1 1 1
FlatScreen 15 Posted October 13, 2022 Author Posted October 13, 2022 Does 4.8.0.11-beta contains the fix?
Solution softworkz 5066 Posted October 13, 2022 Solution Posted October 13, 2022 It depends on the platform package. The majority of beta packages always get our latest ffmpeg. The best way you can tell is from the ffmpeg version number. When it is 5.1-emby_2022_10_11 or a later date, then it has the fix included.
TheWopR 0 Posted October 2, 2023 Posted October 2, 2023 Hello everyone, How to patch a beta version on FreeBSD because even on version 4.8.0.49_1 the following vulnerabilities are present: emby-server-4.8.0.49_1 is vulnerable: ffmpeg -- multiple vulnerabilities CVE: CVE-2022-3964 CVE: CVE-2022-3341 CVE: CVE-2022-3109 Sincerely
softworkz 5066 Posted October 2, 2023 Posted October 2, 2023 CVE-2022-3964 - QuickTime Encoder => Emby never encodes to QuickTime formats CVE-2022-3341- Nut container format parser => A format that isn't used by anybody => Risk: app crash (only the ffmpeg process would crash, not Emby Server) CVE-2022-3109 - NuppelVideo Encoder => Emby never encodes to this format => None of these CVE's is relevant in the context of Emby Server 2
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now