21 0-Day Vulnerabilities in FFmpeg Enable Remote Code Execution Attacks

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer


An autonomous security agent uncovered 21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet.

FFmpeg quietly powers media processing across browsers, streaming platforms, surveillance systems, and cloud infrastructure, making it one of the most security-critical open-source libraries.

It’s roughly 1.5 million lines of heavily optimized C code that parses hundreds of complex media formats, absorbing over two decades of fuzzing and manual audits.

Google’s Big Sleep team previously disclosed 13 vulnerabilities in FFmpeg, and Anthropic’s Mythos model identified additional security issues shortly after.

Building on these milestones, security firm Depthfirst deployed a specialized autonomous agent to scan FFmpeg and found 21 previously unknown zero-days at a cost of approximately $1,000, roughly 10% of what Anthropic spent using Mythos.

21 0-Day Vulnerabilities in FFmpeg

Unlike general-purpose coding agents, Depthfirst’s security agent performs explicit threat modeling across large codebases.

It maps attacker-controlled input entry points, traces data flow through relevant components, and validates whether a vulnerable path is actually reachable.

The agent generates reproducible PoC inputs to confirm vulnerabilities and eliminate false positives, with the PoC code published on GitHub by Zhenpeng (Leo) Lin of Depthfirst.

The agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP depacketizers, RTSP server, RTMP client, and more. Nine have been assigned CVEs:

CVE-2026-39210 – Heap Buffer Overflow in the TS demuxer (introduced in 2010).

CVE-2026-39211 – Integer Overflow in swscale (introduced 2010).

CVE-2026-39212 – Stack Overflow in ffmpeg_opt.c (regression from July 2025).

CVE-2026-39213 – Heap Buffer Overflow in yuv4mpegenc (introduced 2023).

CVE-2026-39214 – Stack Buffer Overflow in the SDT (MPEG-TS Service Description Table) implementation (introduced in 2003, latent for 23 years).

CVE-2026-39215 – Heap Buffer Overflow in update_mb_info() (introduced 2012).

CVE-2026-39216 – Heap Buffer Overflow in img2enc.c (introduced 2012).

CVE-2026-39217 – Heap Buffer Overflow in the VP9 decoder (regression from March 2025).

CVE-2026-39218 – Heap Buffer Overflow in the DASH demuxer (introduced in 2017).

Additional unassigned findings include bugs in the RTP AV1 depacketizer (DFVULN-127), AVI demuxer, CAF demuxer, RTSP SDP parser, RTMP client, and AVIF overlay path, several of which have been dormant for over 15 years.

The most severe finding is a heap buffer overflow in FFmpeg’s AV1 RTP depacketizer (libavformat/rtpdec_av1.c), tracked as DFVULN-127.

The flaw lies in how the depacketizer handles Temporal Delimiter (TD) OBUs, the special markers that separate video frames.

When a TD is encountered, the code advances the write cursor (pktpos) by the attacker-declared obu_size without allocating the corresponding memory or advancing the input pointer buf_ptr.

This causes two compounding issues: the write cursor becomes poisoned, and the next iteration re-parses the TD’s own bytes as a fresh OBU with attacker-controlled contents.

The corruption lands directly on an AVBuffer struct allocated immediately after the data buffer by FFmpeg’s posix_memalign-based allocator.

At offset +24 within that struct sits the free function pointer, the exact target of the overflow.

When the packet is subsequently reallocated, FFmpeg decrements the buffer’s reference count to zero and invokes the now-corrupted free pointer, handing the attacker full control of the instruction pointer.
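The cursor desynchronisation described above, shown as an added, simplified C model that is not FFmpeg’s rtpdec_av1.c and was not published by Depthfirst. The function names, the two packets, and the output buffer size are constructed for illustration. Two simplifications are deliberate: the vulnerable TD branch moves buf_ptr one byte forward instead of not at all, so that the loop terminates while the attacker-declared size byte is still re-read as the next OBU header, and the out-of-bounds memcpy is replaced by an instrumentation flag so the demo can run safely. The AVBuffer mirror at the end only shows why the free pointer lands at +24 on 64-bit builds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OBU_TEMPORAL_DELIMITER 2   /* AV1 OBU types, from the AV1 spec */
#define OBU_FRAME              6

/* oob_write is set by instrumentation where the real code would memcpy. */
struct dp_result { size_t pktpos; size_t obus; int oob_write; int ok; };

/* AV1 leb128 decode: returns bytes consumed, 0 on error. */
static size_t leb128(const uint8_t *p, size_t avail, uint64_t *out)
{
    uint64_t v = 0;
    for (size_t i = 0; i < 8 && i < avail; i++) {
        v |= (uint64_t)(p[i] & 0x7f) << (7 * i);
        if (!(p[i] & 0x80)) { *out = v; return i + 1; }
    }
    return 0;
}

/* OBU header + size field (this model requires has_size_field = 1).
 * Returns header+size-field length, or 0 on malformed input. */
static size_t obu_header(const uint8_t *p, size_t avail, int *type, uint64_t *size)
{
    if (avail < 1) return 0;
    size_t hdrlen = (p[0] & 0x04) ? 2 : 1;           /* extension byte? */
    if (avail < hdrlen || !(p[0] & 0x02)) return 0;  /* no size field   */
    size_t szlen = leb128(p + hdrlen, avail - hdrlen, size);
    if (!szlen) return 0;
    *type = (p[0] >> 3) & 0x0f;
    return hdrlen + szlen;
}

/* Vulnerable shape: the TD branch trusts obu_size to move the write cursor,
 * writes nothing, never grows out, and leaves buf_ptr on the TD's own bytes. */
static struct dp_result depacketize_vuln(const uint8_t *buf, size_t len,
                                         uint8_t *out, size_t outsz)
{
    struct dp_result r = {0, 0, 0, 1};
    const uint8_t *buf_ptr = buf, *end = buf + len;
    size_t pktpos = 0;
    while (buf_ptr < end) {
        int type; uint64_t obu_size;
        size_t hl = obu_header(buf_ptr, end - buf_ptr, &type, &obu_size);
        if (!hl) { r.ok = 0; break; }
        if (type == OBU_TEMPORAL_DELIMITER) {
            pktpos += obu_size;  /* BUG: attacker-declared, nothing allocated */
            buf_ptr += 1;        /* BUG: size byte re-parsed as next OBU header */
            r.obus++;
            continue;
        }
        size_t n = hl + (size_t)obu_size;      /* header + size + payload */
        if (obu_size > (size_t)(end - buf_ptr - hl)) { r.ok = 0; break; }
        if (pktpos + n > outsz) r.oob_write = 1;   /* real code: heap overflow */
        else memcpy(out + pktpos, buf_ptr, n);
        pktpos += n; buf_ptr += n; r.obus++;
    }
    r.pktpos = pktpos;
    return r;
}

/* Hardened shape: a TD carries no payload, every declared size is checked
 * against remaining input and output capacity, buf_ptr moves by the whole OBU. */
static struct dp_result depacketize_fixed(const uint8_t *buf, size_t len,
                                          uint8_t *out, size_t outsz)
{
    struct dp_result r = {0, 0, 0, 1};
    const uint8_t *buf_ptr = buf, *end = buf + len;
    size_t pktpos = 0;
    while (buf_ptr < end) {
        int type; uint64_t obu_size;
        size_t hl = obu_header(buf_ptr, end - buf_ptr, &type, &obu_size);
        if (!hl || obu_size > (size_t)(end - buf_ptr - hl)) { r.ok = 0; break; }
        size_t n = hl + (size_t)obu_size;
        if (type == OBU_TEMPORAL_DELIMITER) {
            if (obu_size != 0) { r.ok = 0; break; }  /* spec: empty payload */
            buf_ptr += n; r.obus++;                  /* write cursor untouched */
            continue;
        }
        if (n > outsz - pktpos) { r.ok = 0; break; } /* would overflow out */
        memcpy(out + pktpos, buf_ptr, n);
        pktpos += n; buf_ptr += n; r.obus++;
    }
    r.pktpos = pktpos;
    return r;
}

/* Mirror of AVBuffer from libavutil/buffer_internal.h (refcount is
 * atomic_uint there); only used to locate the free pointer. */
struct avbuffer_like {
    uint8_t *data; size_t size; unsigned refcount;
    void (*free)(void *opaque, uint8_t *data);
    void *opaque; int flags; int flags_internal;
};
static size_t avbuffer_free_offset(void) { return offsetof(struct avbuffer_like, free); }

/* Constructed packets: TD header 0x12 (type 2, has_size); 0x32 is both the
 * declared TD size (50) and, re-read, a FRAME header with has_size. */
static const uint8_t kMaliciousPkt[] = {0x12, 0x32, 0x04, 'A', 'A', 'A', 'A'};
static const uint8_t kBenignPkt[]    = {0x12, 0x00, 0x32, 0x04, 'A', 'A', 'A', 'A'};

int main(void)
{
    uint8_t out[16];
    struct dp_result v = depacketize_vuln(kMaliciousPkt, sizeof kMaliciousPkt, out, sizeof out);
    struct dp_result f = depacketize_fixed(kMaliciousPkt, sizeof kMaliciousPkt, out, sizeof out);
    printf("vuln: pktpos=%zu obus=%zu oob=%d | fixed: ok=%d | free@+%zu\n",
           v.pktpos, v.obus, v.oob_write, f.ok, avbuffer_free_offset());
    return 0;
}
```

With a 16-byte output buffer the vulnerable loop ends with a write cursor at 56 and an out-of-bounds write flagged on the second, attacker-shaped OBU, while the hardened loop rejects the packet on the first size check and still reassembles the benign packet correctly.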

A working PoC confirms that a single 183-byte RTP packet delivered over RTSP is sufficient to redirect execution, with no authentication, no user interaction, and no unusual flags required.

Any system that ingests an attacker-controlled RTSP source, for example with ffmpeg -i rtsp://attacker/stream, is exposed, including media ingest pipelines, CCTV and surveillance systems, and cloud transcoding services processing remote AV1-over-RTP sources.

Administrators using FFmpeg in network-facing deployments should apply patches immediately and audit any pipeline that processes untrusted RTSP or RTP streams.
