PixelSmash flaw turns video files into attack tools
ID: 12899636-da70-5561-884c-083d6a96b04e
STIX ID: report--12899636-da70-5561-884c-083d6a96b04e
Feed Name: Malwarebytes Blog
Threat Score
**PixelSmash (CVE-2026-8461)** — A critical vulnerability in FFmpeg's MagicYUV decoder (CVSS 8.8) allows specially crafted video files to trigger crashes or potential remote code execution when thumbnails, metadata extraction, or playback are performed; widely deployed FFmpeg usage (desktop thumbnailers, Jellyfin/Nextcloud, NAS, smart TVs) makes the impact broad and patching or disabling MagicYUV is recommended.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
