CVE-2026-8461

Summary

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution.

This vulnerability is associated with the file libavcodec/magicyuv.C.

This issue affects FFmpeg before version 8.1.2.

Affected Software

VendorProductVersion RangeStatus
FFmpegFFmpeg0 < 8.1.2affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

ffmpeg: FFmpeg: Remote code execution via out-of-bounds write in MagicYUV decoder

Additional References

References