Out-of-bounds Write Vulnerability in FFmpeg's Libavcodec Library
CVE-2026-8461

8.8HIGH

Key Information:

Vendor: Ffmpeg
Status: Ffmpeg
Vendor: CVE Published:; 18 June 2026

What is CVE-2026-8461?

An out-of-bounds write vulnerability has been identified in the libavcodec library of FFmpeg, particularly within the MagicYUV decoder. This flaw may lead to denial-of-service conditions and has the potential to be exploited for remote code execution. The issue arises from improper handling of certain inputs, resulting in memory corruption. Affected versions of FFmpeg must be updated to version 8.1.2 or later to mitigate these security risks.

Affected Version(s)

FFmpeg 0 < 8.1.2

References

https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-8461 Data

JSON

Ffmpeg

What is CVE-2026-8461?

Affected Version(s)

References

CVSS V3.1

Timeline