mirror of
https://github.com/freedomofpress/dangerzone.git
synced 2025-04-28 18:02:38 +02:00
Ignore CVE-2024-5175 from our security scans
Ignore CVE-2024-5175 from our security scans, because Dangerzone is not affected by it. Our assessment follows: The affected library, `libaom.so`, is linked by GStreamer's `libgstaom.so` library. The vulnerable `aom_img_alloc` function is only used when **encoding** a video to AV1. LibreOffce uses the **decode** path instead, when generating thumbnails. Closes #895
This commit is contained in:
Alex Pyrgiotis
parent
c1dbe9c3e3
commit
141c1e8a23
1 changed files with 13 additions and 0 deletions
13
.grype.yaml
13
.grype.yaml
|
|
@ -43,3 +43,16 @@ ignore:
|
||||||
# > typically be under attacker control making active exploitation
|
# > typically be under attacker control making active exploitation
|
||||||
# > unlikely.
|
# > unlikely.
|
||||||
- vulnerability: CVE-2024-5535
|
- vulnerability: CVE-2024-5535
|
||||||
|
# CVE-2024-5171
|
||||||
|
# =============
|
||||||
|
#
|
||||||
|
# NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2024-5171
|
||||||
|
# Verdict: Dangerzone is not affected. The rationale is the following:
|
||||||
|
#
|
||||||
|
# The affected library, `libaom.so`, is linked by GStreamer's `libgstaom.so`
|
||||||
|
# library. The vulnerable `aom_img_alloc` function is only used when
|
||||||
|
# **encoding** a video to AV1. LibreOffce uses the **decode** path instead,
|
||||||
|
# when generating thumbnails.
|
||||||
|
#
|
||||||
|
# See also: https://github.com/freedomofpress/dangerzone/issues/895
|
||||||
|
- vulnerability: CVE-2024-5171
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue