logo

PixelSmash flaw turns video files into attack tools

ID: 12899636-da70-5561-884c-083d6a96b04e

STIX ID: report--12899636-da70-5561-884c-083d6a96b04e

Feed Name: Malwarebytes Blog

Threat Score
75/100

Date Published: 2026-06-24

Date Updated: 2026-06-25

...
...

**PixelSmash (CVE-2026-8461)** — A critical vulnerability in FFmpeg's MagicYUV decoder (CVSS 8.8) allows specially crafted video files to trigger crashes or potential remote code execution when thumbnails, metadata extraction, or playback are performed; widely deployed FFmpeg usage (desktop thumbnailers, Jellyfin/Nextcloud, NAS, smart TVs) makes the impact broad and patching or disabling MagicYUV is recommended.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.