Technical description
An autonomous AI security agent operated by depthfirst found 21 confirmed zero-day vulnerabilities in FFmpeg's roughly 1.5 million lines of C. Most are heap and stack buffer overflows in parsers and demuxers (the MPEG-TS demuxer, VP9 decoder, H.264 parser, RTSP handler and service-description-table code). One stack overflow in the service-description-table code was introduced in 2003 and so survived 23 years in the codebase. Depthfirst also published a proof of concept demonstrating a remote code execution primitive when FFmpeg processes certain crafted RTSP streams.
Attack vector
Remote: the attacker supplies a crafted RTSP stream or media file that reaches a vulnerable FFmpeg parser or demuxer. FFmpeg normally acts as the RTSP client, so a hostile or compromised camera or streaming server is enough to deliver the stream. FFmpeg is embedded in almost all media processing pipelines, streaming servers, video editing software, containers and devices, so any service that accepts user-supplied media or connects to untrusted RTSP sources is exposed; the attack surface is extremely broad. A PoC is publicly available.
Affected systems
FFmpeg releases and git revisions prior to the fixing commits (see the ffmpeg.org security page). Because the bugs sit in libavformat and libavcodec, every application that links or bundles those libraries for media parsing is affected, whether or not it ships the ffmpeg binary: streaming services, CDN edge nodes, video conferencing, media players, container images bundling FFmpeg, and IoT devices with video capability.
Mitigation
Apply the FFmpeg fixes for CVE-2026-39210 through CVE-2026-39218 and the related commits listed at ffmpeg.org/security, or rebuild embedded copies from a fixed revision; many products vendor their own FFmpeg, so check each application, not just the system package. Prioritise internet-facing and RTSP-consuming deployments, since the published RCE PoC targets the RTSP handler. Until patched, process untrusted media only in a sandbox (separate process, no network, read-only filesystem, CPU and memory limits) and restrict the protocols and demuxers FFmpeg may use for a given input. Monitor ffmpeg.org/security: 12 of the 21 vulnerabilities have not yet received CVE numbers.
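As an added example (not from this advisory and not FFmpeg project code), a shell wrapper that applies the restrictions above to a single untrusted upload: it refuses inputs whose URL scheme is outside a protocol allowlist, passes -protocol_whitelist so the parsed media cannot pull in network sources, pins the demuxer with -f so a mislabelled file is not probed into a different demuxer, and runs ffmpeg under bubblewrap with no network, a read-only root, CPU and memory rlimits and a wall-clock timeout. The FFMPEG path, the /srv/... paths and the limit values are placeholders; GNU timeout is assumed, and bwrap is used only when installed.

```shell
#!/bin/sh
# Hardened wrapper for handing an untrusted media file to FFmpeg.
# Added example for this advisory; it is not FFmpeg project code. It assumes
# a POSIX sh, GNU coreutils `timeout`, optionally bubblewrap (`bwrap`), and an
# ffmpeg binary that supports -protocol_whitelist. The FFMPEG path and the
# /srv/... paths used in the examples are placeholders.

FFMPEG=${FFMPEG:-/usr/bin/ffmpeg}
# Local I/O only: a crafted container, playlist or reference inside an upload
# cannot make this ffmpeg open rtsp://, http://, ... on the attacker's behalf.
ALLOWED_PROTOCOLS=${ALLOWED_PROTOCOLS:-file,pipe}
WALL_SECONDS=${WALL_SECONDS:-120}   # wall-clock cap (decoder loops, huge inputs)
CPU_SECONDS=${CPU_SECONDS:-60}      # RLIMIT_CPU for the ffmpeg process
MEM_KB=${MEM_KB:-1048576}           # RLIMIT_AS, 1 GiB (bash/dash `ulimit -v`)

# input_is_allowed PATH_OR_URL: 0 if the input's protocol is in
# ALLOWED_PROTOCOLS (a bare path counts as "file"), 1 otherwise.
input_is_allowed() {
    case "$1" in
        *://*) scheme=${1%%://*} ;;
        *)     scheme=file ;;
    esac
    case ",$ALLOWED_PROTOCOLS," in
        *",$scheme,"*) return 0 ;;
        *)             return 1 ;;
    esac
}

# ffmpeg_cmd FMT INPUT OUTPUT: print the ffmpeg command line, one word per
# line. "-f FMT" before "-i" pins the demuxer, so FFmpeg does not probe the
# bytes and hand a mislabelled upload to the MPEG-TS or another demuxer.
ffmpeg_cmd() {
    printf '%s\n' "$FFMPEG" -hide_banner -nostdin -loglevel error \
        -protocol_whitelist "$ALLOWED_PROTOCOLS" \
        -f "$1" -i "$2" -y "$3"
}

# sandbox_prefix OUTDIR: bubblewrap prefix when bwrap is installed, otherwise
# nothing. Read-only root, only OUTDIR writable, private /tmp, /dev and /proc,
# no network or other namespaces, killed together with the parent.
sandbox_prefix() {
    command -v bwrap >/dev/null 2>&1 || return 0
    printf '%s\n' bwrap --ro-bind / / --bind "$1" "$1" --tmpfs /tmp \
        --dev /dev --proc /proc --unshare-all --die-with-parent --new-session
}

# run_hardened FMT INPUT OUTPUT: refuse inputs outside the protocol allowlist
# (exit status 2), otherwise run ffmpeg sandboxed with CPU/memory limits and a
# wall-clock timeout. DRY_RUN=1 prints the full command instead of running it.
run_hardened() {
    fmt=$1; input=$2; output=$3
    if ! input_is_allowed "$input"; then
        echo "refused: '$input' is not in protocol allowlist ($ALLOWED_PROTOCOLS)" >&2
        return 2
    fi
    outdir=$(dirname -- "$output")
    if [ "${DRY_RUN:-0}" = 1 ]; then
        { sandbox_prefix "$outdir"; ffmpeg_cmd "$fmt" "$input" "$output"; } | tr '\n' ' '
        echo
        return 0
    fi
    # Split the printed words on newlines only (paths may contain spaces),
    # with globbing disabled so no word is expanded as a pattern.
    old_ifs=$IFS; IFS='
'; set -f
    set -- $(sandbox_prefix "$outdir"; ffmpeg_cmd "$fmt" "$input" "$output")
    IFS=$old_ifs; set +f
    ( ulimit -t "$CPU_SECONDS"; ulimit -v "$MEM_KB"
      exec timeout --signal=KILL "$WALL_SECONDS" "$@" )
}

# Usage: ./ffmpeg-hardened.sh FMT INPUT OUTPUT   (DRY_RUN=1 to only print it)
if [ $# -eq 3 ]; then
    run_hardened "$1" "$2" "$3"
fi
```

Invoke it as ./ffmpeg-hardened.sh mp4 /srv/uploads/clip.mp4 /srv/out/clip.mp4; with DRY_RUN=1 it prints the assembled command instead of running it. The sandbox only limits what a successful exploit of a parser can reach; the overflows themselves are fixed only by the patched FFmpeg. Note also that -f pins the container demuxer, not the codec parsers, so the VP9 decoder and H.264 parser still see attacker-controlled bytes and the memory and time limits matter.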