Hacker News

brigade, last Sunday at 3:34 PM

Yes, I know that multimedia/image vulnerabilities are popular vectors for zero-click attacks. My point is that desktop players are not a vector for zero-click attacks, and ffmpeg has not generally been used in end-user situations that are targets of zero-click or drive-by attacks. Mostly because of the license, but still.

If the exploit chain involves the user downloading and opening a file, something like >99% of the time the next step already involves executable code (or Office macros), which makes any ffmpeg vuln completely useless.


Replies

phil21, last Sunday at 7:43 PM

In a past life as a managed hosting provider, ffmpeg exploits were used to gain access to systems.

It’s used for pretty much any platform you can upload video to. Some places far more competently than others.

dpe82, last Sunday at 6:55 PM

Chrome uses ffmpeg's underlying libraries.

It's used way, way more than you think.
