Heap Overflow in FFmpeg EXIF

https://bugs.pwno.io/0014
43•retr0reg•2h ago

Comments

ComputerGuru•2h ago
Nice find.

(I don’t see what this being reported during the Christmas holidays has to do with not revealing the disclosure and patch timeline, a “note that delays should be attributed to Christmas” would have sufficed.)

rvz•1h ago
> Pwno is a AI cybersecurity startup...

We all know that LLMs were used to find these vulnerabilities, specifically on high impact projects. That's fine.

However, my only question is who actually provided the patch: The maintainers of FFmpeg? The LLM that is being used? Or the security researchers themselves after finding the issue?

It seems that these two statements about the issue are in conflict:

> We found and patched 6 memory vulnerabilities in FFmpeg in two days.

> Dec, 2025: avcodec/exif maintainer provided patch.

9cb14c1ec0•35m ago
> We all know that LLMs were used to find these vulnerabilities

How do we know that? You seem quite certain.

hedgehog•23m ago
They pitch their company as finding bugs "with AI". It's not hard to point one of the coding agents at a repo URL and have it find bugs even in code that's been in the wild for a long time; looking at their list, that looks likely to be what they're doing.

tredre3•20m ago
PWNO provided a patch but it was rejected for being too large[1]. A maintainer fixed it himself[2]. I don't know if PWNO used an LLM but it seems clear that the maintainer had a preferred specific style in mind so it was likely hand written (albeit inspired by the initial patch).

1. https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21258

2. https://code.ffmpeg.org/FFmpeg/FFmpeg/commit/4bfac71ecd96488...

renewiltord•46m ago
Hmm interesting. You can see recent edits to the file here https://github.com/FFmpeg/FFmpeg/commits/master/libavcodec/e...

This specific issue is fixed here https://github.com/FFmpeg/FFmpeg/commit/4bfac71ecd96488dd2dc...
