An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution.
This vulnerability is associated with the file libavcodec/magicyuv.C.
This issue affects FFmpeg before version 8.1.2.
Metrics
Affected Vendors & Products
References
History
Mon, 29 Jun 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Thu, 18 Jun 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ffmpeg
Ffmpeg ffmpeg |
|
| Vendors & Products |
Ffmpeg
Ffmpeg ffmpeg |
Thu, 18 Jun 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg before version 8.1.2. | |
| Title | Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder | |
| Weaknesses | CWE-787 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: JFROG
Published: 2026-06-18T11:29:00.668Z
Updated: 2026-07-15T00:39:15.107Z
Reserved: 2026-05-13T09:59:49.355Z
Link: CVE-2026-8461
Updated: 2026-07-15T00:39:15.107Z
No data.