DigiNews

Summary

DepthFirst reports 21 zero-day vulnerabilities in FFmpeg discovered by their security agent, including several CVEs (CVE-2026-39210 to CVE-2026-39218) and additional internal DFVULN IDs. A highlighted flaw in the AV1 RTP depacketizer enables remote code execution via crafted RTP packets, raising concerns for media ingestion pipelines and RTSP workflows. The article emphasizes the cost-effective use of agent-based analysis and references prior disclosures by Google and Anthropic.