This vulnerability is associated with the file libavcodec/magicyuv.C.
This issue affects FFmpeg before version 8.1.2.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-6361-1 | ffmpeg security update |
Mon, 29 Jun 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Thu, 18 Jun 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ffmpeg
Ffmpeg ffmpeg |
|
| Vendors & Products |
Ffmpeg
Ffmpeg ffmpeg |
Thu, 18 Jun 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg before version 8.1.2. | |
| Title | Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder | |
| Weaknesses | CWE-787 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: JFROG
Published:
Updated: 2026-06-19T03:55:41.539Z
Reserved: 2026-05-13T09:59:49.355Z
Link: CVE-2026-8461
Updated: 2026-06-18T12:26:56.161Z
No data.
OpenCVE Enrichment
Updated: 2026-06-18T21:00:13Z
Debian DSA