top | item 45789790

(no title)

What does it matter if it's AI generated if it's a real bug? The problem with AI reports is usually that they're invalid; in this case it was an actual bug.

> currently have zero real-world impact

So better we not talk about them until someone bothers to write an exploit for it?

> the "researchers" didn't even bother to write a patch/fix

If it has no real-world impact and thus shouldn't even be reported, then why does it need to be fixed?

discuss

yeasku|4 months ago

ffmpeg is getting DDOS'd by AI generated security CVEs.

Not by classic bug reports.

rurban|4 months ago

It's a pretty good report by bigsleep. It even comes with a good explanation and reproducer.

I like to get such reports from the occasional fuzzer. Just ignore the CVE, it's a bug