The GPAC project recommends using its nightly builds from GitHub. Would it be possible to pick a known good 2.3DEV build that fixes other outstanding CVEs (eg, commits from Oct 2023) with a maintenance strategy based on picking a newer known good nightly build to fix issues?
GPAC seems to offer some capabilities that aren't matched by fffmpeg, even, or weren't when I last checked. /df -- London UK
