FFmpeg MagicYUV Decoder Out-of-Bounds Write / RCE — PixelSmash (CVE-2026-8461)
by JFrog Security Research (CNA, discovery); Ashraf Zaryouh / 0xBlackash (PoC) · 2026-06-30
- Severity: High
- CVE: CVE-2026-8461
- Category: binary
- Affected product: FFmpeg libavcodec — MagicYUV video decoder
- Affected versions: FFmpeg < 8.1.2
- Disclosed: 2026-06-30
- Patch status: patched
Archive entry: intelseclab/poc-archive
Metadata
| Field | Value |
|---|---|
| Date Added | 2026-06-30 |
| Last Updated | 2026-06-30 |
| Author / Researcher | JFrog Security Research (CNA, discovery); Ashraf Zaryouh / 0xBlackash (PoC) |
| CVE / Advisory | CVE-2026-8461 |
| Category | binary |
| Severity | High |
| CVSS Score | 8.8 (CVSSv3.1; AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) |
| Status | PoC |
| Tags | RCE, OOB-write, heap-corruption, FFmpeg, MagicYUV, media, video, PixelSmash, libavcodec, Python, High |
| Related | N/A |
Affected Target
| Field | Value |
|---|---|
| Software / System | FFmpeg libavcodec — MagicYUV video decoder |
| Versions Affected | FFmpeg < 8.1.2 |
| Language / Platform | Python (PoC / file generator); C (FFmpeg target) |
| Authentication Required | No (file processed by target application) |
| Network Access Required | No (requires user to open or server to process a malicious file) |
Summary
CVE-2026-8461 (codename PixelSmash) is a High-severity out-of-bounds heap write in FFmpeg’s MagicYUV decoder (libavcodec). Improper bounds validation during frame decoding allows a specially crafted video file with an odd slice height to trigger a heap buffer overflow. The corruption overwrites AVBuffer structures with attacker-controlled pointers, enabling a chain to system() and arbitrary code execution. Because FFmpeg is embedded in a wide range of media applications — Jellyfin, Nextcloud, OBS Studio, Kodi, mpv, and Red Hat AI infrastructure — any application that processes untrusted media files is a potential attack surface. Fixed in FFmpeg 8.1.2 (PR #23159, published June 18, 2026).
Vulnerability Details
Root Cause
The MagicYUV decoder in libavcodec fails to validate frame slice dimensions against buffer boundaries. When an AVI file is crafted with an odd slice height value, the decoder computes an incorrect chroma plane offset that falls outside the allocated heap buffer. Subsequent left-prediction encoding operations write attacker-controlled bytes beyond the buffer boundary, corrupting adjacent AVBuffer heap structures.
CWE-787 (Out-of-Bounds Write).
Attack Steps
- Attacker crafts a malicious AVI file containing MagicYUV-encoded frames with an odd slice height and a payload encoded in the chroma plane.
- The file is delivered to a target that processes it with FFmpeg (upload to media server, share via messaging, trigger automated transcoding, etc.).
- FFmpeg decodes the MagicYUV frame; the OOB write corrupts AVBuffer structures.
- Heap layout manipulation redirects execution to system().
- Attacker-controlled command string executes as the FFmpeg process user.
Affected Applications
Any application embedding FFmpeg < 8.1.2 that processes untrusted media is at risk:
- Jellyfin — media server (auto-transcoding of uploaded content)
- Nextcloud — file server (thumbnail generation)
- OBS Studio — recording/streaming software
- Kodi — media center
- mpv — media player
- ffmpegthumbnailer — thumbnail generation pipeline
- Red Hat AI Inference Server 3 / RHEL AI 3 / OpenShift AI
Impact
- Arbitrary code execution as the application process user.
- In media server deployments, unauthenticated exploitation is possible by uploading a malicious video file that triggers automatic transcoding/thumbnail generation.
- The presence of Red Hat enterprise AI platforms among the affected products indicates supply-chain risk beyond desktop media software.
Environment / Lab Setup
Target: FFmpeg < 8.1.2 (libavcodec)
Attacker: Python 3
PoC: Generates malicious AVI file; optionally configures target heap addresses via JSON or CLI
Build Malicious File
Trigger
Expected Output (Vulnerable)
[*] Generating malicious MagicYUV AVI...
[*] Odd slice height: 0x141
[*] Encoding chroma payload...
[+] poc.avi written (2.3 MB)
Segmentation fault (core dumped)
uid=1000(www-data) gid=1000(www-data)
$ id
uid=0(root)... # depending on setuid context
Detection & Indicators of Compromise
Remediation
| Action | Detail |
|---|---|
| Patch | Upgrade FFmpeg to 8.1.2 (fix: PR #23159 merged June 2026) |
| Red Hat | Apply updates for RHSA-affected packages (Red Hat AI Inference Server 3, RHEL AI 3, OpenShift AI) |
| Sandbox | Run FFmpeg transcoding in a sandboxed/isolated process (seccomp, container) |
| Disable | If MagicYUV support is not needed, compile FFmpeg with --disable-decoder=magicyuv |
| Input validation | Reject uploaded media files with unexpected codec types before processing |
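One way to apply the "Input validation" row to AVI uploads, as an added example that is not part of the original entry or of FFmpeg: a pre-processing gate that reads only the AVI stream headers and rejects any file whose video FourCC is not on an allowlist. The allowlist contents, the function names and the header-only sample file are assumptions made for this sketch; `MAGY` is the FourCC FFmpeg maps to MagicYUV in AVI.

```python
import struct
# Assumed policy for this sketch: the only video codecs this pipeline expects to see.
ALLOWED_FOURCCS = {b"H264", b"MJPG"}

def iter_chunks(buf, start, end):
    """Yield (id, body_start, body_end) for each RIFF chunk in buf[start:end]."""
    pos = start
    while pos + 8 <= end:
        cid, size = struct.unpack_from("<4sI", buf, pos)
        body = pos + 8
        if size > end - body:
            raise ValueError("chunk overruns its parent")
        yield cid, body, body + size
        pos = body + size + (size & 1)  # chunk bodies are padded to even length

def video_fourccs(buf):
    """Collect strh fccHandler and strf biCompression for every video stream."""
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"AVI ":
        raise ValueError("not a RIFF/AVI file")
    found = []
    def walk(start, end, depth):
        kind = None  # fccType of the most recent strh in this list
        for cid, b, e in iter_chunks(buf, start, end):
            if cid == b"LIST" and buf[b:b + 4] in (b"hdrl", b"strl") and depth < 4:
                walk(b + 4, e, depth + 1)  # headers only, never the movi data
            elif cid == b"strh" and e - b >= 8:
                kind, handler = struct.unpack_from("<4s4s", buf, b)
                if kind == b"vids":
                    found.append(handler)
            elif cid == b"strf" and kind == b"vids" and e - b >= 20:
                found.append(buf[b + 16:b + 20])  # BITMAPINFOHEADER.biCompression
    walk(12, len(buf), 0)
    return found

def accept_upload(buf):
    """Fail closed: unparsable, non-AVI, stream-less or off-list input is rejected."""
    try:
        tags = video_fourccs(buf)
    except (ValueError, struct.error):
        return False
    return bool(tags) and all(t.upper() in ALLOWED_FOURCCS for t in tags)

def sample_avi(fourcc, handler=b"H264"):
    """Constructed header-only AVI (no frame data) with one 64x64 video stream."""
    chunk = lambda cid, body: cid + struct.pack("<I", len(body)) + body + b"\0" * (len(body) & 1)
    strh = chunk(b"strh", b"vids" + handler + b"\0" * 48)
    strf = chunk(b"strf", struct.pack("<IiiHH4sIiiII", 40, 64, 64, 1, 24, fourcc, 0, 0, 0, 0, 0))
    hdrl = chunk(b"LIST", b"hdrl" + chunk(b"avih", b"\0" * 56) + chunk(b"LIST", b"strl" + strh + strf))
    return b"RIFF" + struct.pack("<I", 4 + len(hdrl)) + b"AVI " + hdrl
```

The gate inspects AVI headers only, so input in any other container is rejected rather than passed through; it narrows exposure alongside the upgrade to 8.1.2 and sandboxing, not in place of them.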