Twenty One Zero-Days in FFmpeg
redbell
163 points
95 comments
June 12, 2026
Related Discussions
Found 5 related stories in 102.8ms across 10,324 title embeddings via pgvector HNSW
- FFmpeg 101 (2024) vinhnx · 20 pts · March 21, 2026 · 64% similar
- FFmpeg 8.1 gyan · 373 pts · March 17, 2026 · 56% similar
- FFmpeg at Meta: Media Processing at Scale sudhakaran88 · 239 pts · March 09, 2026 · 56% similar
- FFmpeg 8.1 "Hoare" has been released jbk · 22 pts · March 16, 2026 · 53% similar
- Show HN: FFmpeg WebCLI – Full FFmpeg in Browser, Offline PWA, No Uploads(WASM) tejaswigowda · 76 pts · June 04, 2026 · 53% similar
Discussion Highlights (17 comments)
bethekidyouwant
How does the browser use it ?unless they mean there’s a zero day in libavcodec
nemothekid
> The reach of this bug is what makes it serious. Any deployment that points FFmpeg at an attacker-influenced RTSP URL is exposed: media ingest pipelines fetching user-supplied stream URLs, surveillance and CCTV systems pulling RTSP feeds, and transcoding services processing remote AV1-over-RTP sources Wow this is actually pretty serious - I'm even surprised its being published. There are several services where I can imagine this is exploitable today.
jacobgold
I've been using ffmpeg for a very long time, both personally and for services I've built. Fabrice Bellard is a genius, and the developers who have taken it so far have made the world measurably richer. But I can't think of a program more worthy of sandboxing when run with untrusted input than ffmpeg. It's a huge amount of C dealing with the most complicated video and audio codecs, which is notoriously impossible to get completely right. But it's not actually that big of a problem. I run ffmpeg inside a VM or gVisor, and the end result is usually a video file that I'm perfectly willing to play in my browser, where it gets decoded in yet another sandbox because this shit is hard.
wavemode
> At this point the corrupted free pointer is called, and control of the instruction pointer is ours. Very serious, though in practice it doesn't sound like this bug achieves arbitrary RCE on its own (especially in the presence of ASLR). You would need there to be some writable and executable page of memory lying around.
ttoinou
Is the future of defense-against-foreign-agents-on-my-codebase to subtly hide prompt injections into one’s codebase that would defeat agents to find security bugs ? If the attackers of ffmpeg need to be using such those authors’ services to find RCE in popular tools to attack, what the ffmpeg team needs to defeat attackers is to reduce efficiency of such tools depthfirst
fizzynut
I find difficult to know how serious the issue is, if it is even an issue. LLM constantly confidently giving me this same sounding script with a "the root cause" and how it "is simple" while being completely incorrect.
zerobees
Ffmpeg has an exceptionally terrible track record when it comes to security. People have been throwing fuzzers at it for as long as I remember and coming back with a nearly inexhaustible supply of memory corruption bugs. Here's an effort by one Googler a decade ago: https://security.googleblog.com/2014/01/ffmpeg-and-thousand-... So, while it's a demo of the capabilities of LLMs, this should not be at all surprising. Ffmpeg is absolutely not something you should be running outside of a sandbox if you're touching any untrusted or user-supplied content. I know that people do, and these people are taking unreasonable risks.
bayouborne
What about VLC's own built-in versions of decoding libraries (I think, from the FFmpeg project)? Is there a scenario here where we may have to deal with malicious MP4 files?
omoikane
Is there a timeline for each of these bugs? I wonder if these bugs had been reported to ffmpeg yet.
Philpax
"No way to prevent this" say users of only language where this regularly happens, etc, etc. Several of these bugs do not appear to be in hot code and would have been detected by a language with saner behaviour.
da_chicken
That's not what "zero-day" means.
lschueller
Inflated use of the term zero-day, while none of the described vulnerabilities is actually a zero-day. But it sounds and clicks good.. thank you for the PoC.
tom_
> A victim only has to run ffmpeg -i rtsp://attacker/stream, the most ordinary command imaginable What about "ls"?
kodt
Infinity - 21 is still infinity
0xbadcafebee
Even if this isn't as big a deal as this [advertisement for a security company] seems, it is a reminder that every application you release does have a security hole somewhere, and a script kiddie can now find it 5 minutes after release for $2 in credit. If you're not red-teaming your code before release, hackers are doing it after.
appleappleapple
Help me understand: depthfirst seems to be bigging up their “security agent” here, but is it not just prompt engineering + writing skill files? What goes into producing a “security agent” beyond this? Feels like they’re really gussying up a process that is ultimately just LLM usage
guessmyname
I think the industry is optimizing for the wrong thing. Generating thousands of AI-written bug reports is easy, at least with Mythos (preview 1) or GPT-5.5. Getting bugs fixed is the hard part. A few months ago I started working on a system that finds critical security issues and opens PRs instead of just filing reports. The acceptance rate is sitting at roughly 94% so far. Most of the failures were due to project-specific kill switches or other internal mechanisms that weren’t documented, not because the vulnerability itself was misidentified. Developers generally seem to prefer this approach. A bug report creates work. A good PR removes work. That sounds obvious, but a lot of security products still stop at the report and call it a day.