depthfirst AI Agent Finds 21 FFmpeg Zero-Days

AI relevance: Autonomous AI agents are now finding deep, years-old vulnerabilities in foundational media processing libraries like FFmpeg — the same libraries embedded in AI video pipelines, container images, and media-serving infrastructure.

The findings

  • 21 confirmed zero-days in FFmpeg's ~1.5 million lines of C code, all found by depthfirst's autonomous security agent with reproducible proof-of-concept inputs.
  • Cost: ~$1,000 for the full scan run.
  • Ages: Several bugs were latent for 15–20 years. A stack overflow in the service-description-table code dates to 2003, so it was live for 23 years.
  • Types: Most are heap or stack overflows in parsers and demuxers, spanning TS demuxer, VP9 decoder, and other components.
  • CVEs assigned: CVE-2026-39210 through CVE-2026-39218 (nine assigned); the rest are fixed but not yet numbered. A public PoC is available.

Broader trend

  • Google's Big Sleep agent previously reported a run of FFmpeg bugs visible on the project's security page tagged BIGSLEEP.
  • Anthropic's Mythos model pulled a 16-year-old H.264 flaw out of FFmpeg for ~$10,000, with three fixes shipped in FFmpeg 8.1.
  • An autonomous tool also found an authenticated RCE in Redis present since 7.2.0 (over two years old).
  • A February study showed an agent reproducing working PoCs for more than half of 100 real Linux kernel N-day bugs, beating fuzzing.
  • Chrome 149 shipped with patches for 429 security bugs — a single-release record — with over 100 critical/high. Google's April bounty overhaul was prompted by a flood of AI-generated submissions.

Why it matters

FFmpeg is embedded in media pipelines, Python wheels, container images, and appliances. AI video generation and processing systems depend on it heavily. The fact that autonomous agents can find critical parser vulnerabilities for ~$1,000 means every FFmpeg deployment — not just system packages — needs inventorying and patching. The broader implication: AI agents are becoming more effective at vulnerability discovery than traditional fuzzing for complex parsing code.

What to do

  • Update FFmpeg to the latest patched version immediately.
  • Audit for embedded FFmpeg copies in container images, Python wheels, and vendor appliances — they won't be covered by system package managers.
  • Prioritize any pipeline that ingests untrusted RTSP or AV1-over-RTP streams.
  • Update to Chrome 149.0.7827.53 (Linux) or 149.0.7827.53/54 (Windows/macOS).
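
One way to carry out the audit step above, as an added example that is not from depthfirst or the FFmpeg project: a scanner for an unpacked container image or a Python site-packages tree that lists FFmpeg libraries and binaries by name, including auditwheel-style vendored names, and reads the version string embedded in each. It assumes Linux file naming and that the build keeps upstream's "FFmpeg version" identification string; the function names are hypothetical.

```python
import os
import re
import sys

# File names that indicate a bundled FFmpeg build on Linux, including
# auditwheel-style vendored names such as libavcodec-3b3c5a5f.so.58.
NAME_RE = re.compile(
    r"^(?:lib(?:avcodec|avformat|avutil|avfilter|avdevice|swscale|swresample)"
    r"(?:-[0-9a-f]+)?\.so(?:\.\d+)*|ffmpeg(?:-[\w.-]+)?|ffprobe)$"
)
# Assumption: the build keeps the NUL-terminated "FFmpeg version <x>"
# identification string that upstream compiles into its libraries.
VERSION_RE = re.compile(rb"FFmpeg version ([\x20-\x7e]{1,64})\x00")


def embedded_version(path, chunk_size=1 << 20):
    """Return the FFmpeg version string embedded in a file, or None."""
    tail = b""
    try:
        with open(path, "rb") as fh:
            while chunk := fh.read(chunk_size):
                data = tail + chunk
                match = VERSION_RE.search(data)
                if match:
                    return match.group(1).decode("ascii")
                tail = data[-80:]  # overlap so a string split across reads matches
    except OSError:
        pass  # unreadable file: it is still reported by name
    return None


def find_ffmpeg_copies(root, deep=False):
    """List (relative path, version); deep=True also content-scans other files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            named = bool(NAME_RE.match(name))
            if not os.path.isfile(path) or os.path.islink(path) or not (named or deep):
                continue
            version = embedded_version(path)
            if named or version:  # deep hits count only when the string is present
                findings.append((os.path.relpath(path, root), version))
    return sorted(findings)


if __name__ == "__main__":
    for rel, ver in find_ffmpeg_copies(sys.argv[1], deep="--deep" in sys.argv[2:]):
        print(f"{rel}\t{ver or 'version string not found'}")
```

Pass `--deep` after the directory to also catch FFmpeg statically linked into a binary with an unrelated name. A hit with no version string, such as a dynamically linked `ffmpeg` tool, still has to be traced to the libraries it loads.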
