| ▲ | Twenty One Zero-Days in FFmpeg(depthfirst.com) |
| 160 points by redbell 7 hours ago | 86 comments |
| |
|
| ▲ | zerobees 6 hours ago | parent | next [-] |
| Ffmpeg has an exceptionally terrible track record when it comes to security. People have been throwing fuzzers at it for as long as I remember and coming back with a nearly inexhaustible supply of memory corruption bugs. Here's an effort by one Googler a decade ago: https://security.googleblog.com/2014/01/ffmpeg-and-thousand-... So, while it's a demo of the capabilities of LLMs, this should not be at all surprising. Ffmpeg is absolutely not something you should be running outside of a sandbox if you're touching any untrusted or user-supplied content. I know that people do, and these people are taking unreasonable risks. |
| |
| ▲ | loeg 6 hours ago | parent | next [-] | | They're also extremely hostile to security researchers who report these issues. | | |
| ▲ | insanitybit 5 hours ago | parent | next [-] | | https://x.com/ffmpeg/status/2039115531744334180?s=46&t=qCSkw... Security is the punch line for ffmpeg. | | |
| ▲ | stackghost 2 minutes ago | parent | next [-] | | In their defense, the "rewrite it in rust" crowd can be really grating. | |
| ▲ | grahamjperrin 4 hours ago | parent | prev | next [-] | | I'm glad to see their sense of humour :-) https://nitter.net/ffmpeg/status/2039115531744334180 | | |
| ▲ | KPGv2 3 hours ago | parent [-] | | > Assembly is a human readable version of machine code. It's exactly the same. goddamn, and this is a project that prides itself on having had-written assembly in it | | |
| ▲ | breppp 23 minutes ago | parent [-] | | There's certainly assembly that maps directly to the machine language bytes, I assume you are talking about the version of assembly with the high level loop macros | | |
| ▲ | rcbdev 4 minutes ago | parent [-] | | In some circles, High Level Assembly (HLA) is lovingly called "Mainframe Assembly". |
|
|
| |
| ▲ | hootz 5 hours ago | parent | prev | next [-] | | Oh my god! They are so funny and memeable! gets RCE'd | |
| ▲ | KPGv2 3 hours ago | parent | prev [-] | | Apr Fools Day really is the shittiest day to be online. For one thing, practical jokes/pranks are just gussied-up asshole behavior. For another thing, nerds generally SUCK at information-delivery pranks, which is what the Internet is full of on Apr 1. |
| |
| ▲ | lkt an hour ago | parent | prev | next [-] | | The guy running the twitter account is incompetent but the actual devs are a lot saner I think. I agree it reflects poorly on them though | |
| ▲ | grahamjperrin 4 hours ago | parent | prev | next [-] | | > … hostile to security researchers who report these issues. Do you have an example? | | |
| ▲ | lukaslalinsky an hour ago | parent | next [-] | | I don't have an example, but I know the pattern. You are working on your software, security researcher finds a bug, it's in your project, for you it's just another bug, but for them it's a point on their CV, so they make a theater about it, and expect priority in dealing with it. It must get tiring if you get many of these. | |
| ▲ | naturalmovement 4 hours ago | parent | prev [-] | | I have numerous examples of security researchers being hostile and impossible to work with (but cannot share them unfortunately). |
| |
| ▲ | duped 2 hours ago | parent | prev [-] | | One dude running an X account is not indicative of a community to be honest. That said, that dude has a point. "Researchers" chasing clout with their names attached to CVEs is kind of ridiculous. Half these CVEs are missing bounds checks that can be fixed with a patch in as much effort as writing up the blog post announcing that there was a missing bounds check. | | |
| ▲ | boomlinde 2 hours ago | parent [-] | | I guess that the perceived problem from a security perspective is that they're there, not that they're necessarily hard to fix once found. |
|
| |
| ▲ | oinoom 2 hours ago | parent | prev | next [-] | | Funny, John Carmack was just admiring the creator of ffmpeg the other day for being a better programmer. https://x.com/id_aa_carmack/status/2064095424420487226?s=46 | | |
| ▲ | pibaker an hour ago | parent | next [-] | | Famous man whose last impactful work was decades ago and spent years on meta's sinking metaverse boat said so, so it must be true. | |
| ▲ | tptacek 2 hours ago | parent | prev | next [-] | | One thing has nothing to do with the other. | |
| ▲ | wavemode 2 hours ago | parent | prev [-] | | Security vulnerabilities are less about programming ability and more about rigor. |
| |
| ▲ | bitwize 25 minutes ago | parent | prev | next [-] | | Time to RIIR, then? | | | |
| ▲ | nerdsniper 5 hours ago | parent | prev | next [-] | | Is GStreamer a more secure alternative or does it just get a bit less attention than ffmpeg? | | |
| ▲ | derf_ an hour ago | parent | next [-] | | Any multimedia project trying to support a large number of formats, whose usage in the wild differs by orders of magnitude, is going to have code of varying quality (although quality is not strictly correlated with usage: age and complexity are also big factors, among others). GStreamer puts plugins into different categories (-good, -bad, etc.) based on things like the maturity of the code, which helps you judge what risks you are taking. With FFmpeg it is harder to know which formats are more likely to have issues. Of course GStreamer can use FFmpeg, in which case you will also have all of FFmpeg's problems. In both cases you are best off restricting things to what you actually use. | |
| ▲ | WD-42 3 hours ago | parent | prev | next [-] | | From what I understand gstreamer is more about building complex pipelines and plugins, ffmpeg is better at playing some obscure 20 year old video format extremely efficiently so you can watch it compiled for a potato. Different cases really I think both are good. | | |
| ▲ | hackernudes 3 hours ago | parent [-] | | That's not really true. Ffmpeg is a Swiss army knife for anything related to digital multimedia (old and new). It is broken into a few libraries but doesn't really have plugins. Gstreamer has a different model, chaining together plugins. Lots of overlap, but I think Gstreamer only has real traction because some silicon vendors use it. |
| |
| ▲ | hugmynutus 2 hours ago | parent | prev | next [-] | | GStreamer is just a different front end to ffmpeg. ffmpeg's core functionality (encode, decode, streams, pipes, channels) are all implemented in `libav` which gstreamer links against. | | |
| ▲ | harrall an hour ago | parent [-] | | GStreamer doesn’t use ffmpeg’s pipeline at all. It implements a much more advanced directed graph with disconnect, connection and pad negotiation. You can dynamically swap out the entire filter graph during live playback with zero disruption. Swap feeds, outputs, effects… all at runtime. ffmpeg and other media frameworks (Windows Media Foundation, Apple’s AVFramwork) only support static pipelines. You can use “switcher” components but the inputs are still static. GStreamer is extremely special. The only thing that comes close was Microsoft’s DirectShow, which has since been replaced with Media Foundation which can’t do it. And while DirectShow did support it, it was fragile because many 3rd party filters did not support dynamic configuration. GStreamer does use ffmpeg, but it just wraps the core encoder/decoder/filter code and discards the streams/graph/pipe part of ffmpeg. |
| |
| ▲ | wmf 2 hours ago | parent | prev | next [-] | | Doesn't GStreamer mostly use ffmpeg plugins? | |
| ▲ | ranger_danger 4 hours ago | parent | prev [-] | | In my experience it's mainly run by very grumpy and opinionated Europeans who take pride in having bugs old enough to drink. |
| |
| ▲ | naturalmovement 5 hours ago | parent | prev | next [-] | | If there was a nearly inexhaustible supply of Indian security researchers emailing you a nearly inexhaustible supply of LLM slop daily, there is a point where you or I would stop caring too. ffmpeg is Free Software. You are also free not to use it. Oddly enough, despite all these endless grievances, no one has come up with a better or more capable tool, certainly not one that is freely available. Evidently no one cares either, because most implementations of ffmpeg I've seen typically run it as root "because we have to". Don't worry we use Docker bro. | | |
| ▲ | bawolff 5 hours ago | parent [-] | | > nearly inexhaustible supply of LLM slop daily, Actual well written vulnerability reports are not the same as slop. AI slop is a real problem and annoying. Just because it exists does not mean every vulnerability report is AI slop. Ffmpeg devs are free not to care, but then they cant complain when they start to get a bad reputation. | | |
| ▲ | naturalmovement 5 hours ago | parent [-] | | > AI slop is a real problem and annoying. Just because it exists does not mean every vulnerability report is AI slop. Ok but who is going to sift through it all to triage the good bits when you're working on something for free? > Ffmpeg devs are free not to care, but then they cant complain when they start to get a bad reputation Who gives a shit about reputation when you're the only game in town? There is nothing out there that even attempts to approximate an ffmpeg clone. They are the Swiss army knife of media encoding and all complainers have produced are plastic sporks. | | |
| ▲ | bawolff 3 hours ago | parent [-] | | > Ok but who is going to sift through it all to triage the good bits when you're working on something for free? Its like anything else in open source. Maintainers will do so if they care. Maybe they decide they don't care. That is always their decision to make but there are consequences for the project. Maybe those consequences make sense. Being a maintainer is all about making cost-benefit trade offs. > Who gives a shit about reputation when you're the only game in town? Its up to the maintainers whether they care or not. It depends on what they value. Ultimately if maintainers make decisions that are at odds with what their userbase want, someone eventually forks and people vote with their feet. | | |
| ▲ | naturalmovement 3 hours ago | parent | next [-] | | Security is a bit different. Today it's an industry driven by unscrupulous clout-chasers and a commitment to quantity over quality. There is a difference between going through patches and pull requests vs. the endless stream of LLM-assisted bullshit that has started cluttering security inboxes in the last few years. | | |
| ▲ | tptacek 2 hours ago | parent [-] | | Vulnerability researchers don't create the vulnerabilities they report. The vulnerabilities exist whether or not they're reported by "clout chasers". |
| |
| ▲ | eipi10_hn an hour ago | parent | prev [-] | | Yes, and people will sit there and sip tea while waiting for "someone"? For how long? | | |
| ▲ | bawolff 5 minutes ago | parent [-] | | > Yes, and people will sit there and sip tea while waiting for "someone"? For how long? Until someone cares enough to do it. This is open source software. When it comes to open source, the golden rule is you either do the things you care about yourself or stfu. Given the libav fork wasn't all that long ago, it can obviously happen to ffmpeg just as much as it can happen to any other project. |
|
|
|
|
| |
| ▲ | cubefox an hour ago | parent | prev | next [-] | | > Ffmpeg is absolutely not something you should be running outside of a sandbox if you're touching any untrusted or user-supplied content. You would change your opinion quickly if your browser, apps and TV suddenly stopped supporting videos due to relying on FFmpeg. | | |
| ▲ | defrost an hour ago | parent [-] | | What prevents running a data stream in, transcoded data out sandbox with no access to unlimited resources, system files, system stacks, etc. It's okay for a sandbox to fall over due to bad inputs and poor memory security if it can just be restarted and move onto other streams. | | |
| |
| ▲ | anon-3988 2 hours ago | parent | prev | next [-] | | Doesn't this negate all the amazing muh assembly hacking that they do lol | |
| ▲ | gerdesj 5 hours ago | parent | prev [-] | | ffmpeg is also rather popular and delivers a lot of functionality. Its unlikely that you don't have it installed. Yes, there are security issues but quite a few are not ffmpeg itself related - the input is pretty shabby or at least not exactly easy to deal with! Obviously, they could do with some assistance and I'm sure you and I will both dive in with equal zeal. |
|
|
| ▲ | guessmyname 9 minutes ago | parent | prev | next [-] |
| I think the industry is optimizing for the wrong thing. Generating thousands of AI-written bug reports is easy, at least with Mythos (preview 1) or GPT-5.5. Getting bugs fixed is the hard part. A few months ago I started working on a system that finds critical security issues and opens PRs instead of just filing reports. The acceptance rate is sitting at roughly 94% so far. Most of the failures were due to project-specific kill switches or other internal mechanisms that weren’t documented, not because the vulnerability itself was misidentified. Developers generally seem to prefer this approach. A bug report creates work. A good PR removes work. That sounds obvious, but a lot of security products still stop at the report and call it a day. |
| |
| ▲ | rcbdev 3 minutes ago | parent [-] | | I think I'm missing something here. Apple software has no open source code, how are you suggesting fixes? |
|
|
| ▲ | nemothekid 7 hours ago | parent | prev | next [-] |
| >The reach of this bug is what makes it serious. Any deployment that points FFmpeg at an attacker-influenced RTSP URL is exposed: media ingest pipelines fetching user-supplied stream URLs, surveillance and CCTV systems pulling RTSP feeds, and transcoding services processing remote AV1-over-RTP sources Wow this is actually pretty serious - I'm even surprised its being published. There are several services where I can imagine this is exploitable today. |
| |
| ▲ | akerl_ 6 hours ago | parent | next [-] | | Some people might suggest it’s crucial to publish if you’re aware of a serious vulnerability, so that people using the software in a vulnerable way can take steps to mitigate the risk. | |
| ▲ | skupig 6 hours ago | parent | prev [-] | | You would also need some sort of ASLR leak to make this exploitable | | |
| ▲ | woodruffw 5 hours ago | parent [-] | | Speaking from firsthand experience: codec and other media processing libraries are some of the easiest software to find address leaks in. (There are a number of reasons for this, not least being that C makes it very easy to ship partially initialized memory over the wire.) | | |
| ▲ | lostglass 3 hours ago | parent [-] | | Speed and security are not good bedfellows. Combine that with really shitty standards and dozens of years of development... Oh, and licensing. Licensing is the real killer. I could just write my own mp3 decoder easily (the format not the file type) but I'm not gonna risk my company getting sued into the ground by doing that. | | |
| ▲ | woodruffw 2 hours ago | parent [-] | | I don’t think this is necessarily true! Constraints can be liberating: a language that allows strong encoding of invariants makes it easier for the language’s compiler to optimize. I agree about long periods of development and difficult standards, though. |
|
|
|
|
|
| ▲ | 0xbadcafebee 4 hours ago | parent | prev | next [-] |
| Even if this isn't as big a deal as this [advertisement for a security company] seems, it is a reminder that every application you release does have a security hole somewhere, and a script kiddie can now find it 5 minutes after release for $2 in credit. If you're not red-teaming your code before release, hackers are doing it after. |
|
| ▲ | wavemode 6 hours ago | parent | prev | next [-] |
| > At this point the corrupted free pointer is called, and control of the instruction pointer is ours. Very serious, though in practice it doesn't sound like this bug achieves arbitrary RCE on its own (especially in the presence of ASLR). You would need there to be some writable and executable page of memory lying around. |
| |
| ▲ | skupig 5 hours ago | parent [-] | | The article glosses over this, but it looks like the next variable in the struct is conveniently the first parameter to the function, so you can run arbitrary code with system() or whatever. But, yeah, you would need some other exploit to defeat ASLR. |
|
|
| ▲ | da_chicken 5 hours ago | parent | prev | next [-] |
| That's not what "zero-day" means. |
| |
| ▲ | nerdsniper 5 hours ago | parent [-] | | It seems to have lost its meaning after getting popularized following Stuxnet coverage. | | |
| ▲ | da_chicken 4 hours ago | parent [-] | | No, I think it was since Code Red. I understand why it's poorly understood. It's a snappy term, and people assume it means "bad" and nothing else because that's all you can get from the context. However, since most people also don't know the difference between a vulnerability and an exploit, they won't understand the definition of a zero-day when they read it. But I'm still going to complain if a security vulnerability research company is using the term incorrectly in their own press copy. It makes them look amateurish. | | |
| ▲ | NooneAtAll3 3 hours ago | parent [-] | | > the difference between a vulnerability and an exploit is it the difference between a knife and a stab wound? | | |
| ▲ | da_chicken an hour ago | parent [-] | | No, that's the difference between exploit (knife) and either the incident or impact (wound). The vulnerability would be a gap in armor. The vulnerability is the exposed weakness. Vulnerabilities get fixes, and they exist without anybody knowing about them. Vulnerabilities get CVEs assigned to them. The exploit is the means of attack. It's the specific actions or calls that let you take advantage of a vulnerability. It could be a worm, or botnet scripts, or specifically crafted data[0]. A proof of concept is not an exploit itself, but it demonstrates that the vulnerability can be exploited. An example of a vulnerability might be a gate where the gap between the door and the jam are too wide. The exploit is a coat hanger used to lift the inside latch from outside the gate. That results in unprivileged access. And zero-day specifically compares when the white hats (vendors, system owners) and the black hats learn about the existence of a vulnerability. If white hats learn that a vulnerability exists by being subject to an in-the-wild black hat exploit of it, then it's a true zero-day. [0]: https://xkcd.com/327/ |
|
|
|
|
|
| ▲ | bayouborne 6 hours ago | parent | prev | next [-] |
| What about VLC's own built-in versions of decoding libraries (I think, from the FFmpeg project)? Is there a scenario here where we may have to deal with malicious MP4 files? |
| |
| ▲ | jeffbee 5 hours ago | parent [-] | | All media containers are potentially hostile. Any offset, extent, or reference has to be considered hostile user-provided input. |
|
|
| ▲ | jacobgold 6 hours ago | parent | prev | next [-] |
| I've been using ffmpeg for a very long time, both personally and for services I've built. Fabrice Bellard is a genius, and the developers who have taken it so far have made the world measurably richer. But I can't think of a program more worthy of sandboxing when run with untrusted input than ffmpeg. It's a huge amount of C dealing with the most complicated video and audio codecs, which is notoriously impossible to get completely right. But it's not actually that big of a problem. I run ffmpeg inside a VM or gVisor, and the end result is usually a video file that I'm perfectly willing to play in my browser, where it gets decoded in yet another sandbox because this shit is hard. |
| |
| ▲ | Terr_ 2 hours ago | parent | next [-] | | I glumly predict that copyright-holding companies wanting DRM, "trusted platforms", regulatory capture, etc. will drive some of the damage here. Secure sandboxing tends to mean opportunities to make unrestricted copies. | |
| ▲ | Gehinnn 6 hours ago | parent | prev | next [-] | | What do you mean "video file that I'm perfectly willing to play in my browser". Isn't it safe to assume that no video file can escape the browser decoding sandbox? | | |
| ▲ | kjs3 3 hours ago | parent | next [-] | | Isn't it safe to assume that no video file can escape the browser decoding sandbox? It's 'safe to assume' it's not. It's emphatically not safe to assume any mitigation is perfect. | |
| ▲ | thaumasiotes 6 hours ago | parent | prev [-] | | > Isn't it safe to assume that no video file can escape the browser decoding sandbox? Why would that be safe to assume? If that were a reasonable assumption, you could just as well assume that it's safe to run ffmpeg. | | |
| ▲ | Denvercoder9 6 hours ago | parent | next [-] | | I'm not up-to-speed with the current state of sandboxing in browsers, but in principle it's (on modern operating systems) not especially hard for them to sandbox the decoding into a separate process with basically no privileges beyond rendering a video stream. It's a bit trickier if we're only considering demuxing and delegating decoding to the hardware, but that's a much smaller attack surface. A manually run ffmpeg on the command line does nothing to restrict its privileges, and its security model has very little interest in doing so, while browsers very much have. | | |
| ▲ | lostglass 3 hours ago | parent [-] | | Yeah, then you need to stream content in real time between multiple processes. And not screw up the licensing. And get hardware acceleration working... |
| |
| ▲ | ttoinou 6 hours ago | parent | prev [-] | | The parent does argues it is safer to sandbox ffmpeg yes |
|
| |
| ▲ | cyberax 6 hours ago | parent | prev [-] | | But then you also often need hardware accelerators for encoding, so you need to use C again. |
|
|
| ▲ | ttoinou 6 hours ago | parent | prev | next [-] |
| Is the future of defense-against-foreign-agents-on-my-codebase to subtly hide prompt injections into one’s codebase that would defeat agents to find security bugs ? If the attackers of ffmpeg need to be using such those authors’ services to find RCE in popular tools to attack, what the ffmpeg team needs to defeat attackers is to reduce efficiency of such tools depthfirst |
| |
|
| ▲ | fizzynut 6 hours ago | parent | prev | next [-] |
| I find difficult to know how serious the issue is, if it is even an issue. LLM constantly confidently giving me this same sounding script with a "the root cause" and how it "is simple" while being completely incorrect. |
| |
| ▲ | lostglass 3 hours ago | parent | next [-] | | Most of them involve very weird and unlikely scenarios and bad security practices or access to the ffmpeg binaries and being allowed to run arbitrary commands at an elevated permission. In and of itself there's not a massive issue from what I can see, they're entry vectors that can lead to worse situations. That's not to say they're not serious but if a Russian hacking group is using one of them it's in conjunction with other exploits or security flaws. Which is common in practice when it comes to decoding. | |
| ▲ | josephg 4 hours ago | parent | prev [-] | | Its 21 issues. And they've been human validated, as far as I can tell. |
|
|
| ▲ | lschueller 5 hours ago | parent | prev | next [-] |
| Inflated use of the term zero-day, while none of the described vulnerabilities is actually a zero-day. But it sounds and clicks good..
thank you for the PoC. |
|
| ▲ | omoikane 6 hours ago | parent | prev | next [-] |
| Is there a timeline for each of these bugs? I wonder if these bugs had been reported to ffmpeg yet. |
|
| ▲ | kodt 4 hours ago | parent | prev | next [-] |
| Infinity - 21 is still infinity |
|
| ▲ | tom_ 5 hours ago | parent | prev | next [-] |
| > A victim only has to run ffmpeg -i rtsp://attacker/stream, the most ordinary command imaginable What about "ls"? |
|
| ▲ | bethekidyouwant 7 hours ago | parent | prev | next [-] |
| How does the browser use it ?unless they mean there’s a zero day in libavcodec |
| |
| ▲ | fpoling 7 hours ago | parent [-] | | Browsers run it in a sandbox process together with allocator hardening. Most of the bugs then are just crashed of the sandbox Another option is WASM or WASM-style sandboxes if using another process is undesirable. | | |
|
|
| ▲ | Philpax 5 hours ago | parent | prev | next [-] |
| "No way to prevent this" say users of only language where this regularly happens, etc, etc. Several of these bugs do not appear to be in hot code and would have been detected by a language with saner behaviour. |
|
| ▲ | appleappleapple 3 hours ago | parent | prev [-] |
| Help me understand: depthfirst seems to be bigging up their “security agent” here, but is it not just prompt engineering + writing skill files? What goes into producing a “security agent” beyond this? Feels like they’re really gussying up a process that is ultimately just LLM usage |
