FFmpeg OSS vulnerability CVE-2023-6605

[ktnvda]

In doing an open source scan on the latest opencv 4.11.0.86 from pypi , opencv-python-headless, the scanner detected FFmpeg with the following versions that have vulnerable versions with CVE-2023-6605:

• /opencv_python_headless.libs/libavcodec.so with FFmpeg version n5.1.6
• /cv2/opencv_videoio_ffmpeg4110_.dll version n4.4.5

Can FFmpeg be updated to the latest?

[asmorkalov]

The issue has not bin fixed in the upstream repo (FFmpeg) and still open. Nothing we can do on our side today.