AI Agent Discovers 21 Zero-Day Vulnerabilities in FFmpeg, Including Critical RCE Flaw
An autonomous security agent has identified 21 zero-day vulnerabilities in FFmpeg, a widely used media processing library, with one critical flaw allowing remote code execution via a small network packet.

A specialized autonomous security agent has uncovered a significant cache of 21 zero-day vulnerabilities within FFmpeg, the ubiquitous open-source library that underpins media processing for a vast array of internet services. This discovery, made by the firm Depthfirst for approximately $1,000, highlights the persistent security challenges in complex, widely deployed software.
FFmpeg's critical role in handling diverse media formats across browsers, streaming platforms, and cloud infrastructure makes these findings particularly concerning. The library's extensive codebase, estimated at 1.5 million lines of C code, has historically been a target for security researchers, with previous efforts by Google and Anthropic also revealing numerous flaws. Depthfirst's agent, however, demonstrated a more targeted approach, mapping attacker-controlled input points and tracing data flow to confirm exploitability, leading to the identification of these previously unknown vulnerabilities.
Eight of the discovered vulnerabilities have been assigned CVE identifiers, ranging from heap and stack buffer overflows to integer overflows. Notably, CVE-2026-39214, a stack buffer overflow in the SDT implementation, has existed for an astonishing 23 years, while others like CVE-2026-39212 and CVE-2026-39217 are regressions from recent updates, indicating ongoing security issues.
The most critical vulnerability, tracked as DFVULN-127, is a heap buffer overflow in the AV1 RTP depacketizer. It can be triggered by a single 183-byte network packet. The flaw arises from improper handling of Temporal Delimiter (TD) OBUs, which corrupts the depacketizer's write cursor and causes attacker-controlled data to be re-parsed. The resulting out-of-bounds write reaches a free-function pointer stored in the allocated buffer, which is what lets an attacker take control of the instruction pointer.
Proof-of-concept exploits confirm that a single crafted RTP packet delivered over RTSP is sufficient to achieve remote code execution without any authentication or user interaction. This means any system processing untrusted RTSP or RTP streams using FFmpeg, including media ingest pipelines, surveillance systems, and cloud transcoding services, is potentially vulnerable.
Beyond the eight CVE-assigned flaws, the agent also identified other significant issues in components such as the RTP AV1 depacketizer, AVI demuxer, and RTSP SDP parser, many of which have lain dormant for over 15 years. The breadth and depth of these vulnerabilities underscore the ongoing need for rigorous security auditing of foundational software libraries.
Depthfirst has published the reproducible proof-of-concept inputs for these vulnerabilities on GitHub, enabling security professionals to verify the findings and develop defenses. Administrators are strongly advised to apply available patches and audit any FFmpeg deployments that handle untrusted network streams to mitigate the risk of exploitation.
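The audit the article recommends starts with knowing which FFmpeg builds on a host can even consume RTSP/RTP input. The script below is an added example, not code from the article or from Depthfirst: it parses the standard output of `ffmpeg -version` and `ffmpeg -protocols`, records the version string and configure flags, checks whether networking was compiled out (`--disable-network`), and lists which network input protocols (rtsp, rtp, udp, tcp) the build exposes. The sample outputs embedded below are constructed for the example. Because the article gives no fixed version numbers, the script deliberately does not claim a build is patched or unpatched; compare the reported version against the vendor advisory by hand.

```python
"""Audit an FFmpeg build for exposure to untrusted RTSP/RTP input.

Added example (not from the article or from Depthfirst). It parses the
output of `ffmpeg -version` and `ffmpeg -protocols` and reports whether
the build can ingest network streams at all. It makes no patched/unpatched
judgement, since no fixed versions are given in the article.
"""
import re
import shutil
import subprocess
from typing import Optional

# Input protocols over which RTSP/RTP streams are carried.
NETWORK_INPUT_PROTOCOLS = ("rtsp", "rtp", "udp", "tcp")

# Constructed sample of `ffmpeg -version` output for a default (network-enabled) build.
SAMPLE_VERSION = """ffmpeg version N.N.N-constructed Copyright (c) 2000-2024 the FFmpeg developers
built with gcc 13 (GCC)
configuration: --prefix=/usr --enable-gpl --enable-shared --enable-libx264
libavutil      59.  8.100 / 59.  8.100
"""

# Constructed sample of `ffmpeg -protocols` output for that build.
SAMPLE_PROTOCOLS = """Supported file protocols:
Input:
  async
  cache
  file
  http
  rtp
  rtsp
  tcp
  udp
Output:
  file
  http
  rtp
  tcp
  udp
"""

# Constructed sample for a build configured with --disable-network.
HARDENED_VERSION = """ffmpeg version N.N.N-constructed Copyright (c) 2000-2024 the FFmpeg developers
configuration: --prefix=/opt/ffmpeg-local --disable-network --enable-gpl
"""

HARDENED_PROTOCOLS = """Supported file protocols:
Input:
  async
  cache
  file
Output:
  file
"""


def parse_version(text: str) -> dict:
    """Extract the version string and configure flags from `ffmpeg -version` output."""
    m = re.search(r"^ffmpeg version (\S+)", text, re.MULTILINE)
    version = m.group(1) if m else "unknown"
    cfg = re.search(r"^\s*configuration:\s*(.*)$", text, re.MULTILINE)
    flags = cfg.group(1).split() if cfg else []
    return {
        "version": version,
        "flags": flags,
        "network_disabled": "--disable-network" in flags,
    }


def parse_input_protocols(text: str) -> list:
    """Return the protocol names listed under 'Input:' in `ffmpeg -protocols` output."""
    protocols, section = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Input:":
            section = "input"
        elif stripped == "Output:":
            section = "output"
        elif section == "input" and stripped:
            protocols.append(stripped)
    return protocols


def audit(version_text: str, protocols_text: str) -> dict:
    """Combine both outputs into a report; 'exposed' means the build can ingest network streams."""
    report = parse_version(version_text)
    inputs = parse_input_protocols(protocols_text)
    report["network_input_protocols"] = [p for p in NETWORK_INPUT_PROTOCOLS if p in inputs]
    report["exposed"] = bool(report["network_input_protocols"]) and not report["network_disabled"]
    return report


def audit_local_binary(binary: str = "ffmpeg") -> Optional[dict]:
    """Run the audit against the ffmpeg binary on PATH; return None if there is none."""
    path = shutil.which(binary)
    if path is None:
        return None
    ver = subprocess.run([path, "-version"], capture_output=True, text=True, check=False).stdout
    prot = subprocess.run([path, "-hide_banner", "-protocols"], capture_output=True, text=True, check=False).stdout
    report = audit(ver, prot)
    report["path"] = path
    return report


if __name__ == "__main__":
    print("constructed default build:", audit(SAMPLE_VERSION, SAMPLE_PROTOCOLS))
    print("constructed hardened build:", audit(HARDENED_VERSION, HARDENED_PROTOCOLS))
    local = audit_local_binary()
    print("local binary:", local if local else "ffmpeg not found on PATH")
```

A build that reports `exposed: True` is the one to prioritise for patching and for checking which services actually feed it untrusted streams; a deployment that only transcodes local files can be rebuilt with `--disable-network` (or with the unneeded protocols and demuxers removed via FFmpeg's `--disable-protocol=NAME` and `--disable-demuxer=NAME` configure options) so that the RTSP/RTP code paths are not reachable at all.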
This discovery by an AI agent not only highlights the evolving landscape of vulnerability research but also emphasizes the critical importance of securing the software supply chain. As AI-powered tools become more sophisticated, they are proving invaluable in uncovering complex security flaws that might otherwise remain hidden.