Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Network-delivered malicious file requires user/pipeline to decode it (UI:R, PR:N); reliable RCE from an OOB write depends on heap state and mitigations, justifying AC:H over AC:L, with full CIA impact on the decoding process.
Primary rating from Vendor (JFROG).
CVSS VectorVendor: JFROG
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution.
This vulnerability is associated with the file libavcodec/magicyuv.C.
This issue affects FFmpeg before version 8.1.2.
Articles & Coverage 1
AnalysisAI
Out-of-bounds write in FFmpeg's libavcodec MagicYUV decoder (libavcodec/magicyuv.c) affects all FFmpeg versions before 8.1.2, allowing remote attackers to cause denial-of-service and potentially achieve remote code execution when a victim processes a crafted MagicYUV-encoded media file. No public exploit identified at time of analysis, but the broad deployment of FFmpeg across media players, transcoding pipelines, browsers, and server-side processing makes this a high-priority patch. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the target to decode an attacker-supplied MagicYUV-encoded stream through FFmpeg's libavcodec MagicYUV decoder (libavcodec/magicyuv.c) on a version before 8.1.2; the CVSS UI:R metric reflects that a user or automated pipeline must actually open or process the malicious file. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H scores 8.8 and reflects a network-reachable, low-complexity, unauthenticated attack requiring user interaction (opening or processing a malicious media file), with full CIA impact consistent with potential RCE. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious video file containing a malformed MagicYUV stream and delivers it via a video sharing site, chat attachment, email, or a URL that a media player or server-side transcoder will fetch. When the victim opens the file (or a backend transcoder automatically processes the upload), libavcodec's MagicYUV decoder writes out of bounds while parsing attacker-controlled fields, crashing the process at minimum and potentially executing attacker-controlled code with the privileges of the media-handling process. … |
| Remediation | Upstream fix available (PR https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159); released patched version 8.1.2 is referenced in the description but should be verified against the official FFmpeg release once tags are published. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Conduct comprehensive inventory of all FFmpeg deployments, including embedded instances in applications, streaming services, and video processing pipelines. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Out-of-bounds heap write in FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) allows attackers to corrupt m
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. Rated
FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c. Rated m
A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. Rated medium severity (CVSS 5.3), this
ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c. Rated mediu
A vulnerability was found in FFmpeg up to 7.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack comple
FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a
Integer overflow in FFmpeg's CENC subsample data parsing (libavformat/mov.c) before version 8.1 enables out-of-bounds me
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable.
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potent
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically
Same weakness CWE-787 – Out-of-bounds Write
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37878
GHSA-qff7-4q6c-m8h6