The prebuilt electron binaries for Windows include the file ffmpeg.dll. How can I determine what version of the underlying ffmpeg library is actually compiled to produce this dll? I need this information to understand what known vulnerabilities (CVE's, etc) might be in a given version of electron via ffmpeg.
As I understand it, the ffmpeg dll itself is taken from https://github.com/electron/nightlies/releases/ when I download my dependencies (I'm using electron-prebuilt-compile). But I'm not getting a clear picture of what the source for that binary is. I think it might be from https://chromium.googlesource.com/chromium/third_party/ffmpeg/ but then I'm not clear on the relationship of that repo with the original ffmpeg repo (e.g. how often are fixes merged from the ffmpeg repo to the chromium third-party repo, etc.)
I tried searching the content of the dll as per cody's suggestion, but no luck:
$ strings ffmpeg.dll | grep -i ffmp
FFmpeg video codec #1
Huffyuv FFmpeg variant
Not yet implemented in FFmpeg, patches welcome
C:\projects\libchromiumcontent\src\out-x64\static_library\ffmpeg.dll.pdb
ffmpeg.dll
$ strings ffmpeg.dll | grep -i version
H.263 / H.263-1996, H.263+ / H.263-1998 / H.263 version 2
MPEG-4 part 2 Microsoft variant version 1
MPEG-4 part 2 Microsoft variant version 2
MPEG-4 part 2 Microsoft variant version 3
H.263+ / H.263-1998 / H.263 version 2
On2 VP6 (Flash version)
On2 VP6 (Flash version, with alpha channel)
old standard qpel (autodetected per FOURCC/version)
direct-qpel-blocksize bug (autodetected per FOURCC/version)
edge padding bug (autodetected per FOURCC/version)
strictly conform to a older more strict version of the spec or reference software
minor_version
premiere_version
quicktime_version
Assume this x264 version if no x264 version found in any SEI
