FFmpeg MagicYUV Vulnerability Exposes Media Applications
ID: e6688478-31be-50bc-af00-1908dcd868d2
STIX ID: report--e6688478-31be-50bc-af00-1908dcd868d2
Feed Name: securityonline.info
Threat Score
**CVE-2026-8461 — FFmpeg MagicYUV heap out-of-bounds write (CVSS 8.8):** JFrog researchers disclosed a critical vulnerability in the MagicYUV decoder that can be triggered by a crafted video file to cause heap corruption and hijack execution (affecting FFmpeg < 8.1.2 and downstream apps such as Jellyfin and Nextcloud); a public proof-of-concept exists and administrators are advised to upgrade to 8.1.2 or disable the decoder.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
