Windows: LAME: Security Vulnerabilities

I installed Anki version 2.1.38 on a Windows 7 virtual machine and saw that the installer installed LAME version 3.99.5 at C:\Program Files\Anki\lame.exe. Since the LAME developers have fixed quite a few security vulnerabilities since 3.99.5, are there any plans to include the latest version of LAME in Anki?

The Forums search and Knowledge Base search didn’t turn up anything about this topic.

In case it’s relevant, here’s the debug info:

Anki 2.1.38 (355e4cd5) Python 3.8.6 Qt 5.14.2 PyQt 5.14.2
Platform: Windows 7
Flags: frz=True ao=False sv=1
Add-ons, last update check: 2021-01-17 22:13:43


===Add-ons (active)===
(add-on provided name [Add-on folder, installed at, version, is config changed])


===IDs of active AnkiWeb add-ons===


===Add-ons (inactive)===
(add-on provided name [Add-on folder, installed at, version, is config changed])
1 Like

Anki only ever feeds LAME wave files that it has created itself, so maliciously-crafted wave files should not be an issue in the core program. It is used by some add-ons however, so I’ve made a note to look into updating it when I have a chance.

2 Likes