These libraries are only used for encoding in FFmpeg, removing them from FFmpeg will not reduce the chance for an exploit: libshine libspeex libwavpack libtwolame libtheora libwebp
All other libraries in your list are not the default decoders for any input file, I am not convinced they can be used to exploit issues using FFmpeg or any media player using libavcodec. Note that as long as these libraries are used by any application in Ubuntu, removing them from FFmpeg will not likely reduce the general chance for an exploit. So if you feel that libopenjp2 is likely susceptible for security issues, you should vote for its complete removal from Ubuntu, not necessarily from FFmpeg in Ubuntu. Finally, note that in the past (year), Ubuntu had troubles updating FFmpeg releases, indicating FFmpeg in Ubuntu was vulnerable to known issues (while I assume your list is about theoretical exploits), so if you want to invest time in increasing FFmpeg security in Ubuntu, you should consider helping the packagers. (I am tempted to point you to known unfixed security issues concerning libavcodec in past but maintained Ubuntu releases but it may be better not to fan the flames here.) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1653782 Title: remove / compile without libschroedinger, libtheora, libspeex, ... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/1653782/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
