
Critical FFmpeg Vulnerability Enables Weaponized Media File Attacks
A newly disclosed heap overflow in FFmpeg’s MagicYUV decoder allows attackers to achieve remote code execution by delivering a single crafted media file, with no authentication required. JFrog Security Research has disclosed a critical vulnerability in FFmpeg, dubbed PixelSmash (CVE-2026-8461), carrying a CVSS score of 8.8 (High). The flaw resides in FFmpeg’s MagicYUV decoder within […]
The post Critical FFmpeg Vulnerability Enables Weaponized Media File Attacks appeared first on Cyber Security News.