The vulnerability in question is being severely underestimated. There are many o... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		iscoelho 73 days ago \| parent \| context \| favorite \| on: FFmpeg to Google: Fund us or stop sending bugs The vulnerability in question is being severely underestimated. There are many other comments in this thread going into detail. UAF = RCE.

kragen 73 days ago [–]

Use-after-free bugs (such as the vulnerability in question, https://issuetracker.google.com/issues/440183164) usually can be exploited to result in remote code execution, but not always. It wouldn't be prudent to bet that this case is one of the exceptions, of course.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact