FFmpeg MagicYUV decoder heap OOB write (PixelSmash, CVSS 8.8) — fixed FFmpeg 8.1.2; out-of-window this run

cve · CVE-2026-8461

Coverage timeline

first 2026-06-26 → last 2026-06-26

Briefs

1 distinct

Sources cited

2 hosts

Sections touched

—

Co-occurring entities

no co-occurrence

Story timeline

2026-06-26CTI Daily Brief — 2026-06-26

Source distribution

depthfirst.com1 (50%)
thehackernews.com1 (50%)

External references

NVD · cve.org · CISA KEV

All cited sources (2)

depthfirst.cominlinedepthfirst, 2026-06-02https://depthfirst.com/research/21-zero-days-in-ffmpeg
source profile · cited in 2026-06-07
thehackernews.cominlineThe Hacker News, 2026-06-06https://thehackernews.com/2026/06/ai-agent-uncovers-21-zero-days-in.html
cited in 2026-06-07

Items in briefs about FFmpeg MagicYUV decoder heap OOB write (PixelSmash, CVSS 8.8) — fixed FFmpeg 8.1.2; out-of-window this run

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.