Twenty One Zero-Days in FFmpeg

	Twenty One Zero-Days in FFmpeg(depthfirst.com)
	279 points by redbell 2 days ago \| 188 comments
	tl;dr: depthfirst's production autonomous security agent discovered 21 zero-day vulnerabilities in FFmpeg, after intensive security analysis by Google and Anthropic. Moving beyond theoretical analysis, our a...
	HN Discussion: ↑FFmpeg's poor security track record makes these findings unsurprising and confirms it needs sandboxing ↑The bugs are serious and have real exploitable reach in production systems ↓The article misuses the term 'zero-day' as clickbait/marketing ~The severity is overstated since exploitation requires additional conditions beyond what's shown ↓Skepticism that LLM-generated bug reports are actually valid without verification