CVE-2026-8461 - Vulnerability Details - OpenCVE

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg before version 8.1.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159

History

Thu, 18 Jun 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg before version 8.1.2.
Title		Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
Weaknesses		CWE-787
References		https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: JFROG

Published: 2026-06-18T11:29:00.668Z

Updated: 2026-06-18T12:26:59.855Z

Reserved: 2026-05-13T09:59:49.355Z

Link: CVE-2026-8461

Vulnrichment

Updated: 2026-06-18T12:26:56.161Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-8461", "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "state": "PUBLISHED", "assignerShortName": "JFROG", "dateReserved": "2026-05-13T09:59:49.355Z", "datePublished": "2026-06-18T11:29:00.668Z", "dateUpdated": "2026-06-18T12:26:59.855Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG", "dateUpdated": "2026-06-18T11:29:00.668Z"}, "title": "Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder", "datePublic": "2026-06-18T11:14:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds write", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}, {"capecId": "CAPEC-123", "descriptions": [{"lang": "en", "value": "CAPEC-123 Buffer Manipulation"}]}, {"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "affected": [{"vendor": "FFmpeg", "product": "FFmpeg", "modules": ["libavcodec"], "programFiles": ["libavcodec/magicyuv.c"], "versions": [{"status": "affected", "version": "0", "lessThan": "8.1.2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution.\n\n This vulnerability is associated with the file libavcodec/magicyuv.C.\n\n\n\nThis issue affects FFmpeg before version 8.1.2.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution.<p> This vulnerability is associated with the file libavcodec/magicyuv.C.</p><p>This issue affects FFmpeg before version 8.1.2.</p>"}]}], "references": [{"url": "https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-18T12:26:45.287776Z", "id": "CVE-2026-8461", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-18T12:26:59.855Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-8461", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-18T12:26:45.287776Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-18T12:26:56.161Z"}}], "cna": {"title": "Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}, {"capecId": "CAPEC-123", "descriptions": [{"lang": "en", "value": "CAPEC-123 Buffer Manipulation"}]}, {"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}], "affected": [{"vendor": "FFmpeg", "modules": ["libavcodec"], "product": "FFmpeg", "versions": [{"status": "affected", "version": "0", "lessThan": "8.1.2", "versionType": "custom"}], "programFiles": ["libavcodec/magicyuv.c"], "defaultStatus": "unaffected"}], "datePublic": "2026-06-18T11:14:00.000Z", "references": [{"url": "https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution.\n\n This vulnerability is associated with the file libavcodec/magicyuv.C.\n\n\n\nThis issue affects FFmpeg before version 8.1.2.", "supportingMedia": [{"type": "text/html", "value": "An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution.<p> This vulnerability is associated with the file libavcodec/magicyuv.C.</p><p>This issue affects FFmpeg before version 8.1.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds write"}]}], "providerMetadata": {"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG", "dateUpdated": "2026-06-18T11:29:00.668Z"}}}, "cveMetadata": {"cveId": "CVE-2026-8461", "state": "PUBLISHED", "dateUpdated": "2026-06-18T12:26:59.855Z", "dateReserved": "2026-05-13T09:59:49.355Z", "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "datePublished": "2026-06-18T11:29:00.668Z", "assignerShortName": "JFROG"}, "dataVersion": "5.2"}