Twenty One Zero-Days in FFmpeg


depthfirst's production autonomous security agent discovered 21 zero-day vulnerabilities in FFmpeg, after intensive security analysis by Google and Anthropic. Moving beyond theoretical analysis, our agent produces concrete, reproducible PoC inputs to confirm its findings at a fraction of the cost ($1k vs. $10k). Several of the findings had been sitting latent for 15 to 20 years. We explored the exploitability of the issues and developed a PoC demonstrating an RCE exploit primitive.
