The vulnerability in question is being severely underestimated. There are many o... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		iscoelho 5 months ago \| parent \| context \| favorite \| on: FFmpeg to Google: Fund us or stop sending bugs The vulnerability in question is being severely underestimated. There are many other comments in this thread going into detail. UAF = RCE.

kragen 5 months ago [–]

Use-after-free bugs (such as the vulnerability in question, https://issuetracker.google.com/issues/440183164) usually can be exploited to result in remote code execution, but not always. It wouldn't be prudent to bet that this case is one of the exceptions, of course.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact