FFmpeg PixelSmash CVE-2026-8461 media-file RCE
Summary
JFrog Security Research disclosed PixelSmash on 2026-06-22: CVE-2026-8461, a heap out-of-bounds write in FFmpeg's MagicYUV decoder. JFrog rates the issue CVSS 8.8 high and says malicious media processing can move beyond denial of service into remote code execution in downstream applications that embed or call FFmpeg.
Track this as a dependency-blast-radius issue, not just an FFmpeg workstation bug. JFrog demonstrated exploitation paths against a Jellyfin media server through automatic library scanning and against a Nextcloud instance through video-preview generation, in both cases after uploading a crafted AVI file of roughly 50 KB. The public RCE demonstration carries an important caveat: JFrog's reliable Jellyfin exploit used hardcoded addresses with ASLR disabled, but the crash and out-of-bounds write surface affects many media-processing stacks.
Tags
- ops
- operations
- FFmpeg
- PixelSmash
- CVE-2026-8461
- MagicYUV
- media processing
- remote code execution
- denial of service
- supply chain
- Jellyfin
- Nextcloud
- thumbnail generation
- self-hosted media
- cloud transcoding
Why this matters
- FFmpeg's libavcodec is embedded across desktop players, file-manager thumbnailers, self-hosted media servers, collaboration tools, cloud transcoding services, NAS appliances, and AI / ML media pipelines.
- The reachable attacker input is ordinary media content: AVI, MKV, or MOV containers that trigger MagicYUV decoding.
- Server-side preview, thumbnail, library-scan, and transcoding workflows can process untrusted files automatically after upload.
- JFrog confirmed crashes across applications including Kodi, mpv, ffmpegthumbnailer, Jellyfin, Emby, Nextcloud, Immich, PhotoPrism, and OBS Studio, and demonstrated code execution against Jellyfin in a controlled configuration.
- Downstream products often inherit the vulnerable decoder silently from bundled or system FFmpeg builds, so asset owners need dependency-level inventory rather than product-name-only checks.
Reported chain
Vulnerable decoder surface
- PixelSmash is in FFmpeg's MagicYUV decoder, reached through libavcodec when an application decodes a crafted media file.
- JFrog describes the primitive as a heap out-of-bounds write caused by malformed MagicYUV slice-height handling.
- Affected workflows include direct playback, browsing a directory that generates video thumbnails, media-server library scans, file-preview generation, and cloud or SaaS media transcoding.
Server-side exploitation examples
- Jellyfin: JFrog reports successful RCE through automatic library scanning after a crafted AVI was introduced into the media library.
- Nextcloud: JFrog reports exploitation through the video preview provider after uploading a crafted media file.
- Exploit caveat: JFrog's deterministic Jellyfin command-execution path depended on hardcoded addresses and ASLR being disabled. Keep exploitability assessments separate from the broader crash / memory-corruption exposure.
Downstream dependency blast radius
- The vulnerable component may be present in operating-system FFmpeg packages, statically bundled FFmpeg copies, container images, desktop packages, NAS firmware, and media-service appliances.
- JFrog says the MagicYUV decoder was enabled by default in upstream FFmpeg and distribution packages they tested before FFmpeg 9.0.
- FFmpeg released a patched version, 8.1.2, on 2026-06-17, and the CVE was published on 2026-06-18 according to JFrog's disclosure timeline.
Exposure and triage
Quick decoder check
Run this on hosts and containers that process media:
ffmpeg -decoders 2>/dev/null | grep magicyuv
JFrog says output containing VFS..D magicyuv indicates the MagicYUV decoder is present and should be treated as vulnerable unless the FFmpeg build includes the fix.
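The one-line grep above answers "is the decoder compiled in?" but not "is this build old enough to matter?". The following script is an added example (not JFrog's tooling or FFmpeg's own code): it parses the `ffmpeg -decoders` listing and the first line of `ffmpeg -version`, then combines both into a triage verdict. The decoder listing and version string embedded below are constructed samples in the real output format; the fixed-version threshold of 8.1.2 is taken from the timeline above, and the assumption that a lower upstream version number is vulnerable ignores distribution backports, which you must confirm from the package changelog.

```python
import re
import shutil
import subprocess

# Constructed sample in the format of `ffmpeg -decoders` (not captured from a
# real host): a legend block, a "------" separator, then "flags name description".
SAMPLE_DECODERS = """\
Decoders:
 V..... = Video
 A..... = Audio
 S..... = Subtitle
 .F.... = Frame-level multithreading
 ..S... = Slice-level multithreading
 ...X.. = Codec is experimental
 ....B. = Supports draw_horiz_band
 .....D = Supports direct rendering method 1
 ------
 VFS..D magicyuv             MagicYUV video
 VFS..D h264                 H.264 / AVC / MPEG-4 AVC / MPEG-4 part 10
 A....D aac                  AAC (Advanced Audio Coding)
"""

# Constructed sample of the first line printed by `ffmpeg -version`.
SAMPLE_VERSION = "ffmpeg version 8.1.1 Copyright (c) 2000-2026 the FFmpeg developers"

# Upstream release carrying the fix according to the disclosure timeline above.
# Assumption: distro packages may backport the fix under an older version string.
FIXED_VERSION = (8, 1, 2)


def parse_decoders(text):
    """Return {decoder_name: flags} from `ffmpeg -decoders` output.

    Everything up to and including the '------' separator is legend text and
    is skipped; each remaining line is 'FLAGS NAME DESCRIPTION'.
    """
    decoders = {}
    seen_separator = False
    for line in text.splitlines():
        if not seen_separator:
            seen_separator = line.strip().startswith("------")
            continue
        parts = line.split(None, 2)
        if len(parts) >= 2:
            decoders[parts[1]] = parts[0]
    return decoders


def parse_version(text):
    """Extract (major, minor, patch) from `ffmpeg -version` output.

    Handles '8.1.1', 'n8.1.2-1' style tags; returns None for git snapshots
    such as 'N-113000-g...' where a release comparison is meaningless.
    """
    m = re.search(r"ffmpeg version n?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def assess(decoders, version):
    """Combine decoder presence and version into a triage label."""
    if "magicyuv" not in decoders:
        return "decoder-absent"
    if version is None:
        return "decoder-present-version-unknown"
    if version >= FIXED_VERSION:
        return "decoder-present-upstream-fixed"
    return "decoder-present-likely-vulnerable"


def scan_host(binary="ffmpeg"):
    """Run both checks against a local ffmpeg binary; None if not installed."""
    path = shutil.which(binary)
    if path is None:
        return None
    dec = subprocess.run([path, "-decoders"], capture_output=True, text=True).stdout
    ver = subprocess.run([path, "-version"], capture_output=True, text=True).stdout
    return path, assess(parse_decoders(dec), parse_version(ver))


if __name__ == "__main__":
    print("sample:", assess(parse_decoders(SAMPLE_DECODERS), parse_version(SAMPLE_VERSION)))
    print("host:", scan_host())
```

Run it with `scan_host("/path/to/bundled/ffmpeg")` for every FFmpeg copy you find inside containers and application bundles, not only the one on `$PATH`; a "decoder-present-likely-vulnerable" result is the signal to patch or rebuild, and "decoder-present-upstream-fixed" still needs confirmation that the build actually contains the fix.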
Immediate defender actions
- Upgrade FFmpeg packages, bundled FFmpeg binaries, and container images that process untrusted media; do not stop at the top-level application version.
- Inventory services that generate previews or thumbnails automatically: Jellyfin, Emby, Nextcloud, Immich, PhotoPrism, NAS media apps, chat/file-sharing systems, and cloud transcoding jobs.
- If patching is delayed and MagicYUV is not operationally required, rebuild FFmpeg with --disable-decoder=magicyuv or apply the minimal validation patch referenced by JFrog.
- Temporarily quarantine or disable automatic processing of newly uploaded video files in exposed media and collaboration platforms until the underlying FFmpeg path is verified fixed.
- Review crash telemetry, service restarts, and thumbnail / transcoding worker failures tied to recently uploaded AVI, MKV, or MOV files.
- For suspected exploitation, preserve uploaded media, worker logs, crash dumps, and filesystem metadata before cleanup; then rotate secrets accessible to media-processing service accounts after containment.
Detection ideas
- Alert on repeated FFmpeg, thumbnailer, preview-provider, Jellyfin, Nextcloud, Immich, or PhotoPrism worker crashes shortly after media upload.
- Hunt for unexpected child processes from media workers, especially shell, download, scripting, or reverse-tunnel utilities spawned by ffmpeg, ffprobe, thumbnailer daemons, or application preview workers.
- Track FFmpeg binary paths and versions inside containers; many vulnerable copies may live outside the host package manager.
- Add MagicYUV decoder presence to media-service hardening checks where the codec is not required.
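Two of the detection ideas above, crash bursts shortly after an upload and unexpected children of media workers, are easy to express as rules over a worker event stream. The following is an added example, not part of the JFrog write-up or any of the listed products: it parses a small constructed log (the timestamp / process / action / key=value layout is assumed, not any product's real format), flags shell-or-download children of media-processing processes, and counts decoder crashes per uploaded file inside a window after the upload.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample worker log (not real telemetry). Layout assumed here:
#   <ISO timestamp> <process> <action> key=value ...
SAMPLE_LOG = """\
2026-06-23T10:00:01Z preview-worker upload file=vid001.avi
2026-06-23T10:00:03Z ffmpeg crash signal=SIGSEGV file=vid001.avi
2026-06-23T10:00:05Z ffmpeg crash signal=SIGSEGV file=vid001.avi
2026-06-23T10:00:09Z ffmpeg crash signal=SIGSEGV file=vid001.avi
2026-06-23T10:00:12Z ffmpeg exec child=/bin/sh
2026-06-23T10:02:00Z preview-worker upload file=holiday.mkv
2026-06-23T10:02:01Z ffmpeg exec child=/usr/bin/ffprobe
2026-06-23T10:02:02Z ffmpeg crash signal=SIGSEGV file=holiday.mkv
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Processes that decode untrusted media and should never need a shell.
MEDIA_WORKERS = {"ffmpeg", "ffprobe", "ffmpegthumbnailer", "preview-worker"}

# Child binaries that are unexpected beneath a decoder (basename match).
SUSPICIOUS_CHILDREN = {
    "sh", "bash", "dash", "zsh", "curl", "wget", "python", "python3",
    "perl", "nc", "ncat", "socat", "ssh",
}


def parse_events(text):
    """Turn log lines into dicts with a tz-aware 'ts' plus parsed key=value fields."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts_raw, proc, action, rest = m.groups()
        ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "proc": proc, "action": action, **dict(KV_RE.findall(rest))})
    return events


def suspicious_spawns(events):
    """Return (timestamp, parent, child) for shell/download children of media workers."""
    hits = []
    for e in events:
        if e["action"] != "exec" or e["proc"] not in MEDIA_WORKERS:
            continue
        child = e.get("child", "")
        if child.rsplit("/", 1)[-1] in SUSPICIOUS_CHILDREN:
            hits.append((e["ts"].isoformat(), e["proc"], child))
    return hits


def crash_bursts(events, window_seconds=60, threshold=3):
    """Return (file, crash_count) for files whose decoder crashed at least
    `threshold` times within `window_seconds` after their upload event."""
    uploads = {e["file"]: e["ts"] for e in events if e["action"] == "upload" and "file" in e}
    counts = defaultdict(int)
    for e in events:
        if e["action"] != "crash" or e.get("file") not in uploads:
            continue
        delta = (e["ts"] - uploads[e["file"]]).total_seconds()
        if 0 <= delta <= window_seconds:
            counts[e["file"]] += 1
    return [(f, n) for f, n in counts.items() if n >= threshold]


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    print("suspicious children:", suspicious_spawns(evts))
    print("crash bursts:", crash_bursts(evts))
```

In the sample, vid001.avi crashes the decoder three times within a minute of upload and is followed by a shell spawned from ffmpeg, which is the pairing worth paging on; holiday.mkv crashes once and spawns ffprobe, which is ordinary thumbnailer behaviour. Tune the window and threshold to your retry policy so that a worker's normal crash-and-retry loop on a corrupt file does not become a permanent false positive.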
Related pages
- Developer-tool config auto-execution
- Agent localhost control-plane RCE
- Splunk Enterprise CVE-2026-20253 pre-auth file write / RCE
- DAEMON Tools Lite supply-chain compromise
Sources
- JFrog Security Research: https://jfrog.com/blog/pixelsmash-critical-ffmpeg-vulnerability-turns-media-files-into-weapons/