What does it matter if it's AI generated if it's a real bug? The problem with AI reports is usually that they're invalid; in this case it was an actual bug.
> currently have zero real-world impact
So better we not talk about them until someone bothers to write an exploit for it?
> the "researchers" didn't even bother to write a patch/fix
If it has no real-world impact and thus shouldn't even be reported, then why does it need to be fixed?
ffmpeg is getting DDOS'd by AI generated security CVEs.
Not by classic bug reports.
It's a pretty good report by bigsleep. It even comes with a good explanation and reproducer.
I like to get such reports from the occasional fuzzer. Just ignore the CVE, it's a bug