Autonomously Finding 7 FFmpeg Vulnerabilities With AI - ZeroPath Blog | ZeroPath
This document details seven vulnerabilities found in FFmpeg, including buffer overflows and invalid frees, stemming from issues like integer truncation, unbounded serialization, off-by-one errors, and incorrect stream indexing. ZeroPath’s AI SAST identified these by analyzing allocation and copy alignment, framing invariants, packet builder capacities, cardinality propagation, and offset arithmetic integrity, often bypassing limitations of traditional fuzzers and static analysis tools.