CVE-2026-8461
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
18/06/2026
Last modified:
15/07/2026
Description
An out-of-bounds write vulnerability in FFmpeg&#39;s libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution.<br />
<br />
This vulnerability is associated with the file libavcodec/magicyuv.C.<br />
<br />
<br />
<br />
This issue affects FFmpeg before version 8.1.2.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH



