I’m prompted to fix it by updating libVorbis to version 1.3.7 or higher.
I’ve found the folder that contains the library: \UE_4.27\Engine\Source\ThirdParty\Vorbis\libvorbis-1.3.2
However when I download the latest version of libVorbis as .zip, it has a completely different file- and folder structure. I assume that I have to somehow build/compile this for UE 4.27 (?) which I don’t have any experience with.
Does anyone have a hint or is there a beginner/non-programmer-friendly documentation how to update the library?
This issue in link was published in 2020-12-26 04:15:12 but unreal 5.4 still uses vorbis 1.3.2 so I wouldn’t worry about it.
Unreal may also be using a custom version of that library.
Also did you read description of that vulnerability? I wonder why is a bug from a dancing game marked as a vulnerability ( maybe some kind of joke idk)?
I’m also not sure why it comes up now and never before. Attached is a screenshot of the warning described with “This security vulnerability is important, consider fixing it.”
If it doesn’t make much sense to look into that, I’ll ignore it for now and hope it still gets published as usual.
Was a pain but I build them myself and it work perfect, no more vulnerability warning in Meta Quest Portal.
I going to shared here LibVorbisUpdateForUnreal 4 - Google Drive
One rar is for the Dlls in Engine/Binaries/Thirdparty/ (OGG and Vorbis)
The other rar for the libs in Engine/Source/Thirdparty/ (OGG and Vorbis)
