FFmpeg has been reported many times with different vulnerabilities: https://www.cvedetails.com/vulnerability-list/vendor_id-3611/Ffmpeg.html Most of them explore vulnerabilities in network protocols and requests. FFmpeg has a configure option, --disable-network, which completely disables network support. It would increase the security of the system if there were an option to disable networking in the ffmpeg port by adding this option to the build configuration.
Will take a look
Not sure what the actual benefit is since most systems are either connected or offline? If it's a connected system you have more attack vectors than ffmpeg which rarely is accessible by external users.
(In reply to Daniel Engberg from comment #2) The typical case is when ffmpeg is used for processing local or uploaded files. In this case there is no need for network connections to remote servers from ffmpeg, and the network can be disabled. My concerns appeared after I read https://news.ycombinator.com/item?id=10893301 - a special mp4 file allowed local files to be sent away. If the network had been disabled, this attack could not have taken place even with a vulnerable ffmpeg version.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8855990a698ea489ad155282471df4ce864b8fad

commit 8855990a698ea489ad155282471df4ce864b8fad
Author:     Thomas Zander <riggs@FreeBSD.org>
AuthorDate: 2023-01-08 16:07:43 +0000
Commit:     Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2023-01-08 16:23:22 +0000

    multimedia/ffmpeg: Add NETWORK DEFAULT OPTION

    Details:
    Disabling the NETWORK OPTION (DEFAULT) allows users to compile ffmpeg
    without networking code in libavcodec.

    PR:             268786
    Reported by:    Alexander Ushakov <alexander@polyvizor.com>
    MFH:            2023Q1

 multimedia/ffmpeg/Makefile | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
A commit in branch 2023Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=bbc10a27f343b1a3cd34139498cfca70ac43580a

commit bbc10a27f343b1a3cd34139498cfca70ac43580a
Author:     Thomas Zander <riggs@FreeBSD.org>
AuthorDate: 2023-01-08 16:07:43 +0000
Commit:     Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2023-01-08 23:38:29 +0000

    multimedia/ffmpeg: Add NETWORK DEFAULT OPTION

    Details:
    Disabling the NETWORK OPTION (DEFAULT) allows users to compile ffmpeg
    without networking code in libavcodec.

    PR:             268786
    Reported by:    Alexander Ushakov <alexander@polyvizor.com>
    MFH:            2023Q1

    (cherry picked from commit 8855990a698ea489ad155282471df4ce864b8fad)

 multimedia/ffmpeg/Makefile | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
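For anyone who builds the port with the NETWORK option turned off, the result can be checked from the binary's own `-buildconf` and `-protocols` output. The following is an added example, not part of this PR or of the port; the list of network protocol names is an assumed, non-exhaustive set, and the sample outputs are constructed.

```python
import subprocess

# Assumed, non-exhaustive set of ffmpeg protocol names that open sockets.
NETWORK_PROTOCOLS = {
    "ftp", "gopher", "http", "httpproxy", "https", "icecast", "mmsh", "mmst",
    "rtmp", "rtmps", "rtmpt", "rtp", "sctp", "srtp", "tcp", "tls", "udp",
    "udplite",
}

def parse_protocols(text):
    """Parse `ffmpeg -protocols` output into {'input': set, 'output': set}."""
    found = {"input": set(), "output": set()}
    section = None
    for line in text.splitlines():
        word = line.strip()
        if word.endswith(":"):
            # "Input:" / "Output:" switch section; other headers are ignored.
            name = word[:-1].lower()
            section = name if name in found else section
        elif section and word:
            found[section].add(word)
    return found

def audit(buildconf_text, protocols_text):
    """Return (flag_present, sorted network protocols still compiled in)."""
    flag_present = "--disable-network" in buildconf_text.split()
    protos = parse_protocols(protocols_text)
    leftover = sorted((protos["input"] | protos["output"]) & NETWORK_PROTOCOLS)
    return flag_present, leftover

def live_audit(binary="ffmpeg"):
    """Audit an installed binary; not exercised by the constructed samples."""
    def run(arg):
        p = subprocess.run([binary, "-hide_banner", arg],
                           capture_output=True, text=True, check=True)
        return p.stdout + p.stderr
    return audit(run("-buildconf"), run("-protocols"))

# Constructed sample outputs (not captured from a real build).
NO_NET_CONF = "  configuration:\n    --prefix=/usr/local\n    --disable-network\n"
NO_NET_PROTOS = ("Supported file protocols:\nInput:\n  cache\n  concat\n  file\n"
                 "  pipe\nOutput:\n  file\n  md5\n  pipe\n")
NET_CONF = "  configuration:\n    --prefix=/usr/local\n    --enable-gnutls\n"
NET_PROTOS = ("Supported file protocols:\nInput:\n  file\n  http\n  https\n"
              "  tcp\nOutput:\n  file\n  rtmp\n  tcp\n")

if __name__ == "__main__":
    print("network disabled:", audit(NO_NET_CONF, NO_NET_PROTOS))
    print("network enabled: ", audit(NET_CONF, NET_PROTOS))
```

A build passes when the flag is present and the leftover list is empty; `live_audit()` applies the same check to the installed `ffmpeg`.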