CVE-2026-8461
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk38th percentile — higher than 38% of all known CVEs
Summary
An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.c.
Risk Assessment
The risk for the organization includes potential disruption of services using FFmpeg for video processing and the possibility of remote code execution, leading to system compromise.
Recommendation
It is recommended to immediately update FFmpeg to version 8.1.2 or later, which contains a fix for this vulnerability.
Original NVD description (English source)
An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg before version 8.1.2.

