{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-8461","assignerOrgId":"48a46f29-ae42-4e1d-90dd-c1676c1e5e6d","state":"PUBLISHED","assignerShortName":"JFROG","dateReserved":"2026-05-13T09:59:49.355Z","datePublished":"2026-06-18T11:29:00.668Z","dateUpdated":"2026-06-30T12:10:53.622Z"},"containers":{"cna":{"providerMetadata":{"orgId":"48a46f29-ae42-4e1d-90dd-c1676c1e5e6d","shortName":"JFROG","dateUpdated":"2026-06-18T11:29:00.668Z"},"title":"Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder","datePublic":"2026-06-18T11:14:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-787","description":"CWE-787 Out-of-bounds write","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-100","descriptions":[{"lang":"en","value":"CAPEC-100 Overflow Buffers"}]},{"capecId":"CAPEC-123","descriptions":[{"lang":"en","value":"CAPEC-123 Buffer Manipulation"}]},{"capecId":"CAPEC-586","descriptions":[{"lang":"en","value":"CAPEC-586 Object Injection"}]}],"affected":[{"vendor":"FFmpeg","product":"FFmpeg","modules":["libavcodec"],"programFiles":["libavcodec/magicyuv.c"],"versions":[{"status":"affected","version":"0","lessThan":"8.1.2","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution.\n\n This vulnerability is associated with the file libavcodec/magicyuv.C.\n\n\n\nThis issue affects FFmpeg before version 8.1.2.","supportingMedia":[{"type":"text/html","base64":false,"value":"An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution.<p> This vulnerability is associated with the file libavcodec/magicyuv.C.</p><p>This issue affects FFmpeg before version 8.1.2.</p>"}]}],"references":[{"url":"https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":8.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-18T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-8461"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-19T03:55:41.539Z"}},{"affected":[{"cpes":["cpe:/a:redhat:ai_inference_server:3"],"defaultStatus":"affected","product":"Red Hat AI Inference Server","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux_ai:3"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"}],"datePublic":"2026-06-18T11:29:00.668Z","descriptions":[{"lang":"en","value":"A flaw was found in FFmpeg's libavcodec library. This out-of-bounds write vulnerability, specifically within the MagicYUV decoder, could allow a remote attacker to execute arbitrary code on the affected system. In other scenarios, it may lead to a denial-of-service, making the system unavailable."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-787","description":"Out-of-bounds Write","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-8461"},{"name":"RHBZ#2490308","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2490308"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8461.json"}],"timeline":[{"lang":"en","time":"2026-06-18T13:01:05.008Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-06-18T11:29:00.668Z","value":"Made public."}],"title":"ffmpeg: FFmpeg: Remote code execution via out-of-bounds write in MagicYUV decoder","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:10:53.622Z"}}]}}