mirror of
https://github.com/freedomofpress/dangerzone.git
synced 2025-04-28 09:52:37 +02:00
Ignore CVE-2024-5175 from our security scans
Ignore CVE-2024-5175 from our security scans, because Dangerzone is not affected by it. Our assessment follows:

The affected library, `libaom.so`, is linked by GStreamer's `libgstaom.so` library. The vulnerable `aom_img_alloc` function is only used when **encoding** a video to AV1. LibreOffice uses the **decode** path instead, when generating thumbnails.

Closes #895
parent
c1dbe9c3e3
commit
141c1e8a23
1 changed files with 13 additions and 0 deletions
13
.grype.yaml
@ -43,3 +43,16 @@ ignore:
# > typically be under attacker control making active exploitation
# > unlikely.
- vulnerability: CVE-2024-5535
# CVE-2024-5171
# =============
#
# NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2024-5171
# Verdict: Dangerzone is not affected. The rationale is the following:
#
# The affected library, `libaom.so`, is linked by GStreamer's `libgstaom.so`
# library. The vulnerable `aom_img_alloc` function is only used when
# **encoding** a video to AV1. LibreOffce uses the **decode** path instead,
# when generating thumbnails.
#
# See also: https://github.com/freedomofpress/dangerzone/issues/895
- vulnerability: CVE-2024-5171
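Review bot: The new rule and its comment block name CVE-2024-5171, but the commit subject and body say CVE-2024-5175. Please confirm which identifier the scanner reports and make the commit message and `.grype.yaml` agree, so the ignore entry can be traced back to this assessment. The added comment also spells "LibreOffce" where "LibreOffice" is meant. Because the verdict rests on only the decode path of `libaom.so` being reachable, consider narrowing `- vulnerability: CVE-2024-5171` with a `package:` matcher instead of ignoring the CVE everywhere, and stating in the comment that the verdict should be revisited if the image ever exercises AV1 encoding.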