[FFmpeg-devel] fuzzer and security issues
Michael Niedermayer
michael at niedermayer.cc
Fri Aug 8 14:57:20 EEST 2025
Hi
On Wed, Aug 06, 2025 at 12:36:24PM +0200, Michael Niedermayer wrote:
> Hi all
>
> theres been a surge of new issues being reported in recent days.
> And its affecting release schedule a bit
>
> People having access to ffmpeg-security or ossfuzz, are welcome to
> help with fixing them.
> (general rule is check ML for the testcase filename, before working on a case
> or just ask me on IRC if iam working on a specific issue
> we will have to figure out how to best coordinate)
>
> People who want to help but have no access, mail me or send me a private message on irc
some statistics:
we have 17 open security vulnerabilities in ossfuzz
from these several have fixes, one is in an external lib (libopus)
we have 57 open issues (not limited to security) in ossfuzz
Also the rate of new issues seems going up and there are also now
fully AI genrated reports, that is "google big sleep"
This continuous stream of security issues is a factor in the 8.0 release
being late.
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Some Animals are More Equal Than Others. - George Orwell's book Animal Farm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20250808/b3e66633/attachment.sig>
More information about the ffmpeg-devel
mailing list