I disagree. That FFmpeg code execution is absolutely nasty.
Apparently nobody cares. A few days ago I bumped into and submitted this: https://news.ycombinator.com/item?id=48655747 . I thought, given the general trust people seem to place in media files, it would have raised a few eyebrows, but it did not ¯\_(ツ)_/¯
Maybe I'm missing something, but the ffmpeg buffer "exploit" involves passing a custom exploited buffer callback to parse a RASC file that presumably has been crafted to contain a packet that can exploit the custom buffer passed in? I don't see how this would be used in practice in the wild, as achieving the first step (custom buffer invocation) would require you to already have access to the machine to even invoke ffmpeg with it?
Like, yes, there is a heap OOB issue in an incredibly old file format, but without already having arguably compromised access to a machine, exploiting it for RCE seems impossible?