CVE-2026-8461

HIGH NVD

CVSS Score 8.8

Severity HIGH

Published Jun 18, 2026

Vendor unknown

Description

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg before version 8.1.2.

References

https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159