Twenty One Zero-Days in FFmpeg (depthfirst.com)
237 points by redbell 15 hours ago
zerobees 13 hours ago
Ffmpeg has an exceptionally terrible track record when it comes to security. People have been throwing fuzzers at it for as long as I remember and coming back with a nearly inexhaustible supply of memory corruption bugs. Here's an effort by one Googler a decade ago:
https://security.googleblog.com/2014/01/ffmpeg-and-thousand-...
So, while it's a demo of the capabilities of LLMs, this should not be at all surprising. Ffmpeg is absolutely not something you should be running outside of a sandbox if you're touching any untrusted or user-supplied content. I know that people do, and these people are taking unreasonable risks.
simjnd 5 hours ago
FFMPEG has consistently expressed their frustration with the fact that there is a large number of people willing and eager to publish vulnerabilities found in the project, but a comparatively minuscule number of people willing to work on patches to fix them.
LegionMammal978 2 hours ago
On the other hand, there's been an endless parade of recent posts from other FOSS maintainers saying "we don't want your drive-by PRs": it's not hard to see people getting dissuaded from the whole dance of determining whether a project is receptive at all, then whether it has a reasonable number of hoops for outsiders to jump through.
Now, personally, when I file a bug report for a FOSS project I like to suggest an underlying cause and fix if I can figure it out, but I more rarely just submit a PR outright.
ftchd an hour ago
codedokode 3 hours ago
If there are so many vulnerabilities, should not they change approach to development, for example, use memory-safe languages, static analysis, do not use dubious "hacks" that break it?
ivanjermakov 3 hours ago
cryo32 3 hours ago
jstanley 4 hours ago
Some of the ffmpeg developers were on Lex Fridman's podcast recently, and the topic of security came up.
They were talking about how there was a vulnerability in an extremely niche codec that is only used for one video game from the 90s or something, and were saying that the person who reported the vulnerability was acting like it was a big deal but it's really not because this codec is hardly ever used.
I was left wondering whether they were oblivious to the fact that an attacker who can supply a video file to you is free to use whatever video codec they want? It wouldn't matter if the developers thought the codec was never used at all; if it is still available then an attacker can use it.
Or was I just missing something? Is there a good reason why vulnerabilities in this codec are not a big deal after all?
m4rtink 4 hours ago
Is it really available in practice ? Eg. do major distros even compile ffmpeg with these obscure codecs or you need to recompile it yourself to get it ?
defrost 4 hours ago
Big pipeline fat data users of ffmpeg can and do build their own executables that only include the top N codecs, that eliminates minor bug in obscure never used format problems pretty thoroughly.
franga2000 3 hours ago
The user is not free to use whatever codec they want. Many niche codecs can't be put into the usual containers, so if you only accept QuickTime/MP4 and AVI, sometimes even just by limiting the file extension, those codecs can't be used.
If your service works by taking whatever file the user gives you and shoving it into unsandboxed ffmpeg, you've already fucked up. It would be nice if you could do that, but that's not a guarantee ffmpeg has ever provided, nor would it make sense for them to spend their limited resources on it.
RetroTechie an hour ago
teravor 6 hours ago
while sandboxing ffmpeg directly isn't difficult, unfortunately with something like MPV/VLC that uses ffmpeg it's more challenging. until recently (virtio gpu native context) it wasn't even possible to sandbox a video player without losing all hardware acceleration. at least not from the outside, they could always try to sequester ffmpeg and seccomp it to hell like chromium.
BoingBoomTschak an hour ago
Sandboxing not only OS access but also hardware access feels almost impossible to be honest. At least not via user-friendly exec based stuff like bwrap.
Personally, I still try to contain them a bit: https://git.sr.ht/~q3cpma/ezbwrap/tree/master/item/profiles
endofreach 7 hours ago
Of course. Everybody knows to rather use the obvious alternative to ffmpeg!
dspillett an hour ago
> the obvious alternative to ffmpeg
IIRC that is currently sandboxed ffmpeg.
Until the people going on about making an equivalent in pure rust being automatically much safer, stop talking about it and actually get on with making it, of course!
loeg 13 hours ago
They're also extremely hostile to security researchers who report these issues.
dspillett 2 hours ago
I wouldn't call "nice find, care to help us fix that?" extremely hostile. It can be frustrating for open source projects that far more people want a pat on the back for the identification of a problem (be it security, performance, documentation, or anything else) than there are people who have the time and inclination to help resolve the issue (or ability and inclination to fund the project so it can more easily find help if needed). The use of LLM based tools apparently making that pat on the back easier to attain is going to exacerbate that problem for a while at least.
insanitybit 12 hours ago
https://x.com/ffmpeg/status/2039115531744334180?s=46&t=qCSkw...
Security is the punch line for ffmpeg.
grahamjperrin 12 hours ago
hootz 12 hours ago
KPGv2 10 hours ago
stackghost 7 hours ago
lkt 9 hours ago
The guy running the twitter account is incompetent but the actual devs are a lot saner I think.
I agree it reflects poorly on them though
grahamjperrin 12 hours ago
> … hostile to security researchers who report these issues.
Do you have an example?
lukaslalinsky 8 hours ago
naturalmovement 11 hours ago
duped 9 hours ago
One dude running an X account is not indicative of a community to be honest.
That said, that dude has a point. "Researchers" chasing clout with their names attached to CVEs is kind of ridiculous. Half these CVEs are missing bounds checks that can be fixed with a patch in as much effort as writing up the blog post announcing that there was a missing bounds check.
boomlinde 9 hours ago
hahn-kev 2 hours ago
I use it in WASM on the client and call it a day. It works for our use case, but obviously not most.
oinoom 10 hours ago
Funny, John Carmack was just admiring the creator of ffmpeg the other day for being a better programmer. https://x.com/id_aa_carmack/status/2064095424420487226?s=46
mjg59 6 hours ago
The majority of code in ffmpeg today isn't written by Fabrice, but also there's multiple axes that people view programming ability on. Some people can write software that will do things you couldn't imagine given the constraints. Some people can write software that is resilient against all malformed input. Sometimes these people are the same people, but frequently they're not.
tptacek 10 hours ago
One thing has nothing to do with the other.
wavemode 9 hours ago
Security vulnerabilities are less about programming ability and more about rigor.
pibaker 8 hours ago
Famous man whose last impactful work was decades ago and spent years on meta's sinking metaverse boat said so, so it must be true.
plaguuuuuu 7 hours ago
zerobees 7 hours ago
endofreach 7 hours ago
naturalmovement 12 hours ago
If there was a nearly inexhaustible supply of Indian security researchers emailing you a nearly inexhaustible supply of LLM slop daily, there is a point where you or I would stop caring too.
ffmpeg is Free Software. You are also free not to use it.
Oddly enough, despite all these endless grievances, no one has come up with a better or more capable tool, certainly not one that is freely available.
Evidently no one cares either, because most implementations of ffmpeg I've seen typically run it as root "because we have to". Don't worry we use Docker bro.
bawolff 12 hours ago
> nearly inexhaustible supply of LLM slop daily,
Actual well written vulnerability reports are not the same as slop.
AI slop is a real problem and annoying. Just because it exists does not mean every vulnerability report is AI slop.
Ffmpeg devs are free not to care, but then they cant complain when they start to get a bad reputation.
krageon 2 hours ago
naturalmovement 12 hours ago
nerdsniper 12 hours ago
Is GStreamer a more secure alternative or does it just get a bit less attention than ffmpeg?
samiv 5 hours ago
Gstreamer is a multimedia framework where the user creates media DAGs by placing video/audio/multimedia elements such as demuxers, decoders etc in a pipeline. The framework then takes care of running the media pipeline and handles the data buffering etc.
Within the framework there are multitudes of plugin packages that contain said elements and many of them are built on top of ffmpeg.
derf_ 9 hours ago
Any multimedia project trying to support a large number of formats, whose usage in the wild differs by orders of magnitude, is going to have code of varying quality (although quality is not strictly correlated with usage: age and complexity are also big factors, among others). GStreamer puts plugins into different categories (-good, -bad, etc.) based on things like the maturity of the code, which helps you judge what risks you are taking. With FFmpeg it is harder to know which formats are more likely to have issues. Of course GStreamer can use FFmpeg, in which case you will also have all of FFmpeg's problems.
In both cases you are best off restricting things to what you actually use.
WD-42 11 hours ago
From what I understand gstreamer is more about building complex pipelines and plugins, ffmpeg is better at playing some obscure 20 year old video format extremely efficiently so you can watch it compiled for a potato.
Different cases really I think both are good.
hackernudes 10 hours ago
hugmynutus 9 hours ago
GStreamer is just a different front end to ffmpeg.
ffmpeg's core functionality (encode, decode, streams, pipes, channels) are all implemented in `libav` which gstreamer links against.
harrall 9 hours ago
wmf 10 hours ago
Doesn't GStreamer mostly use ffmpeg plugins?
ranger_danger 11 hours ago
In my experience it's mainly run by very grumpy and opinionated Europeans who take pride in having bugs old enough to drink.
bitwize 8 hours ago
Time to RIIR, then?
anonymousiam 8 hours ago
I haven't seen that acronym before, but my guess is that it's "Re-Implement In Rust", right?
erk__ 7 hours ago
cubefox 9 hours ago
> Ffmpeg is absolutely not something you should be running outside of a sandbox if you're touching any untrusted or user-supplied content.
You would change your opinion quickly if your browser, apps and TV suddenly stopped supporting videos due to relying on FFmpeg.
defrost 9 hours ago
What prevents running a data stream in, transcoded data out sandbox with no access to unlimited resources, system files, system stacks, etc.
It's okay for a sandbox to fall over due to bad inputs and poor memory security if it can just be restarted and move onto other streams.
ReactiveJelly 7 hours ago
anon-3988 10 hours ago
Doesn't this negate all the amazing muh assembly hacking that they do lol
gerdesj 12 hours ago
ffmpeg is also rather popular and delivers a lot of functionality. Its unlikely that you don't have it installed.
Yes, there are security issues but quite a few are not ffmpeg itself related - the input is pretty shabby or at least not exactly easy to deal with!
Obviously, they could do with some assistance and I'm sure you and I will both dive in with equal zeal.
RetroTechie 39 minutes ago
Hmm.. "shabby input" that makes software xyz fail is a problem in software xyz itself!
"Validate your inputs" is a common rule. Fuzzing is a thing. Both for good reasons (including security).
imjonse 5 hours ago
The obvious question is, how many of those were the sort that writing in a memory-safe language would make impossible?
They should prompt one of the more adventurous LLMs to find security bugs and with some luck it will deviate from the prompt and rewrite ffmpeg in Rust.
lionkor 4 hours ago
Rewriting ffmpeg in Rust will not solve it. The parts that are memory unsafe in ffmpeg, and similar projects, are not unsafe because C or C++ is inherently unsafe. Instead, it's the CODE that is unsafe. Translating the code (data structures, logic, etc) to Rust does not fix bugs in the code. That code will be littered with "unsafe" code, and of course, it will no longer be maintainable.
guessmyname 8 hours ago
I think the industry is optimizing for the wrong thing. Generating thousands of AI-written bug reports is easy, at least with Mythos (preview 1) or GPT-5.5. Getting bugs fixed is the hard part.
A few months ago I started working on a system that finds critical security issues and opens PRs instead of just filing reports. The acceptance rate is sitting at roughly 94% so far. Most of the failures were due to project-specific kill switches or other internal mechanisms that weren’t documented, not because the vulnerability itself was misidentified.
Developers generally seem to prefer this approach. A bug report creates work. A good PR removes work. That sounds obvious, but a lot of security products still stop at the report and call it a day.
rcbdev 7 hours ago
I think I'm missing something here. Apple software has no open source code, how are you suggesting fixes?
Rygian 6 hours ago
> I think the industry is optimizing for the wrong thing.
Indeed: The industry optimizes for speed, time to market, and features, and applies the ostrich model to everything that doesn't bring short-time revenue (security considerations, accessibility, vendor lock-in, interoperability, …)
This has been going on for as long as the industry exists, and now we start to have the proper tools to assess the damage and understand the brittleness of it all.
nemothekid 14 hours ago
>The reach of this bug is what makes it serious. Any deployment that points FFmpeg at an attacker-influenced RTSP URL is exposed: media ingest pipelines fetching user-supplied stream URLs, surveillance and CCTV systems pulling RTSP feeds, and transcoding services processing remote AV1-over-RTP sources
Wow this is actually pretty serious - I'm even surprised its being published. There are several services where I can imagine this is exploitable today.
akerl_ 13 hours ago
Some people might suggest it’s crucial to publish if you’re aware of a serious vulnerability, so that people using the software in a vulnerable way can take steps to mitigate the risk.
skupig 13 hours ago
You would also need some sort of ASLR leak to make this exploitable
woodruffw 12 hours ago
Speaking from firsthand experience: codec and other media processing libraries are some of the easiest software to find address leaks in.
(There are a number of reasons for this, not least being that C makes it very easy to ship partially initialized memory over the wire.)
lostglass 11 hours ago
TiredOfLife 7 hours ago
ffmpeg has stated many many times that they don't care about bug or security reports
0xbadcafebee 11 hours ago
Even if this isn't as big a deal as this [advertisement for a security company] seems, it is a reminder that every application you release does have a security hole somewhere, and a script kiddie can now find it 5 minutes after release for $2 in credit. If you're not red-teaming your code before release, hackers are doing it after.
codedokode 3 hours ago
> DFVULN-123 (Integer Overflow): In the RTP LATM depacketizer (rtpdec_latm.c), latm_parse_packet() performs a signed 32-bit addition that overflows and bypasses its bounds check
Again there is another vulnerability caused by unchecked addition, and still modern languages like Rust or Go do not raise exception on overflow, and modern CPU architectures like RISC-V provide no overflow traps. And older languages like C or C++ do not have overflow checks also.
Ridiculous. It is obvious that humans cannot be trusted with writing correct arithmetics code.
heinrich5991 an hour ago
Rust enables overflow checking in debug mode, you can (and I do) enable it in release mode as well.
Rust's default integer overflow in release mode is defined as well, it'll just wrap around. This makes it less likely to result in a vulnerability (unless you start writing unsafe Rust).
pornel 32 minutes ago
Additionally, integer overflow is less immediately dangerous in Rust, because buffer access is bounds-checked after the arithmetic. You can still get some logic bugs that eventually lead to vulnerabilities, but it's not an arbitrary memory write gadget.
uecker 13 minutes ago
AlienRobot 2 hours ago
Zig raises overflow. There are +|= and +%= operators for clamped and wrapping addition.
Rust doesn't raise overflow by default. But you can just 123.checked_add(321). Now your code is unreadable, but it's overflow safe.
Honestly, based on the way I write code I'd rather something like an end of line comment. Like:
var x = y + z; # wrapped
lschueller 12 hours ago
Inflated use of the term zero-day, while none of the described vulnerabilities is actually a zero-day. But it sounds and clicks good.. thank you for the PoC.
da_chicken 13 hours ago
That's not what "zero-day" means.
nerdsniper 12 hours ago
It seems to have lost its meaning after getting popularized following Stuxnet coverage.
da_chicken 12 hours ago
No, I think it was since Code Red.
I understand why it's poorly understood. It's a snappy term, and people assume it means "bad" and nothing else because that's all you can get from the context. However, since most people also don't know the difference between a vulnerability and an exploit, they won't understand the definition of a zero-day when they read it.
But I'm still going to complain if a security vulnerability research company is using the term incorrectly in their own press copy. It makes them look amateurish.
NooneAtAll3 10 hours ago
journal 6 hours ago
Explain what it means along with your statement. Maybe I have the wrong definition too.
perlgeek 5 hours ago
(not op)
If a security bug is exploited in the wild, it's an n-day if it's been first exploited n days after the publication of the bug, and a zero-day if it's been exploited before or on the day of the publication.
When a bug is not yet exploited in the wild, it's just a discovery of a bug, not a zero-day.
AlienRobot 2 hours ago
wavemode 14 hours ago
> At this point the corrupted free pointer is called, and control of the instruction pointer is ours.
Very serious, though in practice it doesn't sound like this bug achieves arbitrary RCE on its own (especially in the presence of ASLR). You would need there to be some writable and executable page of memory lying around.
skupig 13 hours ago
The article glosses over this, but it looks like the next variable in the struct is conveniently the first parameter to the function, so you can run arbitrary code with system() or whatever. But, yeah, you would need some other exploit to defeat ASLR.
jacobgold 14 hours ago
I've been using ffmpeg for a very long time, both personally and for services I've built. Fabrice Bellard is a genius, and the developers who have taken it so far have made the world measurably richer.
But I can't think of a program more worthy of sandboxing when run with untrusted input than ffmpeg. It's a huge amount of C dealing with the most complicated video and audio codecs, which is notoriously impossible to get completely right.
But it's not actually that big of a problem. I run ffmpeg inside a VM or gVisor, and the end result is usually a video file that I'm perfectly willing to play in my browser, where it gets decoded in yet another sandbox because this shit is hard.
Terr_ 9 hours ago
I glumly predict that copyright-holding companies wanting DRM, "trusted platforms", regulatory capture, etc. will drive some of the damage here.
Secure sandboxing tends to mean opportunities to make unrestricted copies.
Gehinnn 14 hours ago
What do you mean "video file that I'm perfectly willing to play in my browser". Isn't it safe to assume that no video file can escape the browser decoding sandbox?
kjs3 11 hours ago
Isn't it safe to assume that no video file can escape the browser decoding sandbox?
It's 'safe to assume' it's not. It's emphatically not safe to assume any mitigation is perfect.
thaumasiotes 14 hours ago
> Isn't it safe to assume that no video file can escape the browser decoding sandbox?
Why would that be safe to assume? If that were a reasonable assumption, you could just as well assume that it's safe to run ffmpeg.
Denvercoder9 13 hours ago
ttoinou 13 hours ago
cyberax 13 hours ago
But then you also often need hardware accelerators for encoding, so you need to use C again.
ttoinou 13 hours ago
Is the future of defense-against-foreign-agents-on-my-codebase to subtly hide prompt injections into one’s codebase that would defeat agents to find security bugs ?
If the attackers of ffmpeg need to be using such those authors’ services to find RCE in popular tools to attack, what the ffmpeg team needs to defeat attackers is to reduce efficiency of such tools depthfirst
Davidzheng 13 hours ago
No...
fizzynut 13 hours ago
I find difficult to know how serious the issue is, if it is even an issue.
LLM constantly confidently giving me this same sounding script with a "the root cause" and how it "is simple" while being completely incorrect.
lostglass 10 hours ago
Most of them involve very weird and unlikely scenarios and bad security practices or access to the ffmpeg binaries and being allowed to run arbitrary commands at an elevated permission.
In and of itself there's not a massive issue from what I can see, they're entry vectors that can lead to worse situations.
That's not to say they're not serious but if a Russian hacking group is using one of them it's in conjunction with other exploits or security flaws. Which is common in practice when it comes to decoding.
josephg 11 hours ago
Its 21 issues. And they've been human validated, as far as I can tell.
bayouborne 13 hours ago
What about VLC's own built-in versions of decoding libraries (I think, from the FFmpeg project)? Is there a scenario here where we may have to deal with malicious MP4 files?
jeffbee 12 hours ago
All media containers are potentially hostile. Any offset, extent, or reference has to be considered hostile user-provided input.
appleappleapple 10 hours ago
Help me understand: depthfirst seems to be bigging up their “security agent” here, but is it not just prompt engineering + writing skill files? What goes into producing a “security agent” beyond this? Feels like they’re really gussying up a process that is ultimately just LLM usage
kodt 11 hours ago
Infinity - 21 is still infinity
omoikane 13 hours ago
Is there a timeline for each of these bugs? I wonder if these bugs had been reported to ffmpeg yet.
deafpolygon 4 hours ago
I just had an unsettling thought… those with access to Mythos/Fable finding these flaws — how many might be holding back and keeping some of these exploits in their back pocket?
bethekidyouwant 14 hours ago
How does the browser use it ?unless they mean there’s a zero day in libavcodec
fpoling 14 hours ago
Browsers run it in a sandbox process together with allocator hardening. Most of the bugs then are just crashed of the sandbox
Another option is WASM or WASM-style sandboxes if using another process is undesirable.
johnnythunder 14 hours ago
One chained sandbox escape away from compromise.
ttoinou 13 hours ago
loeg 13 hours ago
tom_ 12 hours ago
> A victim only has to run ffmpeg -i rtsp://attacker/stream, the most ordinary command imaginable
What about "ls"?
throwaway2037 3 hours ago
I had to read your comment a couple of times to understand it. I assume you are saying that "/bin/ls" is the "most ordinary command imaginable"? I think your original quote is saying most ordinary when running ffmpeg, which has a famously complex command line interface.
Philpax 13 hours ago
"No way to prevent this" say users of only language where this regularly happens, etc, etc. Several of these bugs do not appear to be in hot code and would have been detected by a language with saner behaviour.
izacus 6 hours ago
Well, get to work then and rewrite, should be quick. Chop-chop!