Vulnerability intelligence

CVE-2026-8461

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg before version 8.1.2.

CVSS Score

8.8

High

EPSS — Exploit Probability

0.3%

Riskier than 26% of all CVEs

Exploitation

Not in CISA KEV

No federal exploitation record

Remediation

unknown

Check vendor advisories

NVD entry PoC / advisory

1 article across 1 outlet · first covered Jun 23, 2026 · latest Jun 23, 2026

Coverage timeline

FFmpeg PixelSmash flaw lets hackers run code via crafted media
www.securityweek.com · Jun 23, 2026