Twenty One Zero-Days in FFmpeg

247 points · 159 comments on HN

Depthfirst's AI security agent discovered 21 zero-days in FFmpeg, including RCE, for $1,000.

Depthfirst deployed an autonomous security agent that discovered 21 zero-day vulnerabilities in FFmpeg at a cost of roughly $1,000, one-tenth the cost Anthropic reported spending with Mythos. Eight vulnerabilities have been assigned CVEs; the remaining 13 are documented under internal tracking IDs. The bugs span multiple components, including the TS demuxer, the VP9 decoder, and the RTP depacketizers. Several latent issues dated back 15 to 23 years. One critical flaw, a heap buffer overflow in the AV1 RTP depacketizer, is reachable over the network with a single 183-byte crafted packet. The vulnerability arises when the depacketizer skips Temporal Delimiter OBUs without advancing the input pointer or allocating memory. This poisons the write cursor, so attacker-controlled data overflows into adjacent heap structures and corrupts a function pointer in an AVBuffer bookkeeping struct, enabling arbitrary code execution.
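As an added illustration, not FFmpeg's code and not Depthfirst's write-up, the hypothetical depacketizer below shows the two invariants whose violation the summary describes: every skipped OBU still advances the input cursor, and every write is bounds-checked against an output buffer that already exists. It assumes a simplified payload layout (length-prefixed OBU elements, no aggregation header or fragmentation) and constructed sample packets.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical, simplified AV1 RTP depacketizer (not FFmpeg's code).
 * Assumption: the payload is a run of OBU elements, each prefixed with its
 * LEB128 length; the aggregation header and fragmentation are left out. */
#define OBU_TEMPORAL_DELIMITER 2
/* Read a LEB128 value at *pos (up to 5 bytes); returns 0 on success, -1 if truncated. */
static int read_leb128(const uint8_t *p, size_t n, size_t *pos, size_t *val) {
    *val = 0;
    for (int i = 0; i < 5 && *pos < n; i++) {
        uint8_t b = p[(*pos)++];
        *val |= (size_t)(b & 0x7f) << (7 * i);
        if (!(b & 0x80)) return 0;
    }
    return -1;
}
/* Copy every OBU except Temporal Delimiters into out; returns bytes written, or -1 on error. */
long depacketize_av1(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap) {
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        size_t len;
        if (read_leb128(in, in_len, &ip, &len) < 0) return -1;
        if (len == 0 || len > in_len - ip) return -1;  /* element must fit in packet */
        int obu_type = (in[ip] >> 3) & 0x0f;           /* obu_type: header bits 6..3 */
        if (obu_type == OBU_TEMPORAL_DELIMITER) {
            ip += len;      /* skipping an OBU must still advance the input cursor */
            continue;
        }
        if (len > out_cap - op) return -1;             /* bounds check before every write */
        memcpy(out + op, in + ip, len);
        op += len;
        ip += len;
    }
    return (long)op;
}

/* Constructed sample: a Temporal Delimiter element, then a 3-byte frame OBU. */
static const uint8_t kPacket[] = {0x01, 0x10, 0x03, 0x30, 0xAA, 0xBB};
long demo_depacketize(size_t out_cap) {
    uint8_t out[16] = {0};
    long n = depacketize_av1(kPacket, sizeof kPacket, out, out_cap > 16 ? 16 : out_cap);
    if (n == 3 && memcmp(out, "\x30\xAA\xBB", 3) != 0) return -3;
    return n;
}
long demo_truncated(void) {
    static const uint8_t bad[] = {0x05, 0x30, 0xAA};   /* claims 5 bytes, has only 2 */
    uint8_t out[16];
    return depacketize_av1(bad, sizeof bad, out, sizeof out);
}
```

The truncated sample and the too-small output buffer both fail closed instead of reaching the memcpy.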

What commenters are saying

Commenters agreed the findings are serious and FFmpeg's security record is poor, but emphasized that the threat depends heavily on deployment context. Several noted that browsers sandbox FFmpeg in separate processes with restricted privileges, and that security-conscious deployments often run FFmpeg in VMs or gVisor. One commenter pointed out that achieving RCE on systems with ASLR requires additional leaks or exploits to defeat address randomization. Another flagged FFmpeg's historically hostile posture toward security researchers, though one commenter pushed back, arguing that the maintainer's response on Twitter to researchers chasing CVE clout is reasonable friction. The consensus was that FFmpeg should not run on untrusted input without sandboxing, but that the vulnerability itself demonstrates both the tool's inherent attack surface and the growing capability of LLM-based security agents.