CVE Catalog

CVE-2026-8461

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.48%

38th percentile — higher than 38% of all known CVEs

Summary

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.c.

Risk Assessment

The risk for the organization includes potential disruption of services using FFmpeg for video processing and the possibility of remote code execution, leading to system compromise.

Recommendation

It is recommended to immediately update FFmpeg to version 8.1.2 or later, which contains a fix for this vulnerability.

Original NVD description (English source)

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg before version 8.1.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS