PixelSmash: Critical FFmpeg MagicYUV Video Vulnerability (CVE-2026-8461)

FFmpeg’s PixelSmash vulnerability (CVE-2026-8461) exposes a critical flaw in the MagicYUV decoder that can lead to crashes and potential remote code execution. Learn how the bug works, why its attack surface is so broad, and what it means for media servers, streaming platforms, and video-processing applications.

Patch the Parser. Govern the Execution Path.
June 23, 2026

FFmpeg is a popular multimedia library used by many video players, streaming services, and media servers. PixelSmash is a serious vulnerability in FFmpeg’s MagicYUV video decoder. Files in formats such as AVI, MKV, and MOV can trigger it. As a consequence, PixelSmash can crash media applications or even lead to remote code execution if ASLR is relaxed.

The bug arises from the way the MagicYUV decoder handles video slices. An attacker can manipulate the slice_height value and thereby overflow the chroma-plane buffer by one row. Specifically, when the decoder uses an odd slice height to calculate chroma rows per slice, a rounding error occurs. In practice, decoding a malicious MagicYUV video results in a one-row heap overflow of the chroma buffer.

How PixelSmash Works: The Technical Breakdown

The root cause is a rounding error when mapping luma (Y) slice heights to chroma (U/V) rows. FFmpeg sizes the chroma planes from the frame height, halved; MagicYUV, however, takes slice_height from the bitstream, and when that value is odd, the ceiling right-shift (AV_CEIL_RSHIFT) adds an additional half row of data per slice.

For example, with coded_height 32 and slice_height 31, two slices are decoded: 16 rows of buffer are allocated for chroma, but the last slice writes an additional 17th row. The current mitigation protects only the interlaced mode and does not take the non-interlaced mode into account.
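
The row arithmetic above, as an added C model (not FFmpeg source and not part of the original article). CEIL_RSHIFT is defined locally with the meaning of AV_CEIL_RSHIFT; plane_rows, rows_touched and slice_layout_ok are hypothetical names, and the check is an assumed validation, not the 8.1.2 patch.

```c
#include <stdio.h>

/* Local ceiling right-shift with the meaning of FFmpeg's AV_CEIL_RSHIFT. */
#define CEIL_RSHIFT(a, b) (((a) + (1 << (b)) - 1) >> (b))

/* Rows allocated for a plane subsampled vertically by 2^vshift. */
static int plane_rows(int coded_h, int vshift)
{
    return CEIL_RSHIFT(coded_h, vshift);
}

/* One past the last plane row written when slice j starts at
 * j * ceil(slice_h / 2^vshift) and covers ceil(luma rows / 2^vshift) rows.
 * This models the article's description; names are hypothetical. */
static int rows_touched(int coded_h, int slice_h, int vshift)
{
    int step = CEIL_RSHIFT(slice_h, vshift);
    int nb_slices = (coded_h + slice_h - 1) / slice_h;
    int end = 0;
    for (int j = 0; j < nb_slices; j++) {
        int left = coded_h - j * slice_h;            /* luma rows remaining */
        int luma = left < slice_h ? left : slice_h;  /* luma rows in slice j */
        int last = j * step + CEIL_RSHIFT(luma, vshift);
        if (last > end)
            end = last;
    }
    return end;
}

/* Assumed validation (not the upstream patch): accept a slice layout only
 * if every slice stays inside the allocated plane. */
static int slice_layout_ok(int coded_h, int slice_h, int vshift)
{
    if (coded_h <= 0 || slice_h <= 0 || vshift < 0 || vshift > 2)
        return 0;
    return rows_touched(coded_h, slice_h, vshift) <= plane_rows(coded_h, vshift);
}

int main(void)
{
    /* Constructed inputs: the article's case, then an even slice height. */
    int cases[][2] = { {32, 31}, {32, 16} };
    for (int i = 0; i < 2; i++)
        printf("h=%d slice=%d: chroma rows allocated=%d written=%d ok=%d\n",
               cases[i][0], cases[i][1], plane_rows(cases[i][0], 1),
               rows_touched(cases[i][0], cases[i][1], 1),
               slice_layout_ok(cases[i][0], cases[i][1], 1));
    return 0;
}
```

With vshift 0 (the luma plane) the same 32/31 layout stays in bounds, which is why only the subsampled chroma planes are affected.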

  • Buffer Overflow: Up to 640 bytes of attacker-controllable content are copied beyond the buffer bounds.
  • Heap Layout: After each pixel buffer allocation, FFmpeg allocates the AVBuffer that manages the memory.
  • Hijacking Control Flow: Overwriting the function pointer (buf->free) and context (buf->opaque) with the address of system() and a shell command leads to execution of system(cmd) at the freeing stage.
  • Full Exploitation: A MagicYUV file with crafted content allows control-flow hijacking, hence remote code execution.

[Infographic: PixelSmash – FFmpeg MagicYUV Heap Overflow (RCE)]

Affected Software and Use Cases

PixelSmash has a huge attack surface because the FFmpeg library libavcodec is used in many products. MagicYUV is enabled by default in FFmpeg builds, so any application capable of opening AVI/MKV/MOV files can end up decoding MagicYUV streams. The vulnerability is known to cause crashes in Kodi, mpv, Jellyfin, Emby, Nextcloud, Immich, PhotoPrism, and OBS Studio. Messengers (Slack, Discord, Telegram, WhatsApp) that use FFmpeg to generate video thumbnails for previews are potentially affected, though this has not been verified yet.

Attack scenarios:

  • Media Library Scan: A crafted MagicYUV file scanned into a media library (Jellyfin, Nextcloud, etc.) triggers the vulnerability via ffprobe/ffmpeg.
  • File Browsing: Browsing a directory that contains a crafted video file causes a buffer overflow in desktop thumbnail generation systems.
  • Cloud Transcoding: Pipeline-based servers (AWS MediaConvert, Cloudflare Stream) processing users’ videos might crash or get compromised.
  • Self-hosted NAS/TVs: File servers or smart TVs that produce video thumbnails are potentially affected because they have FFmpeg embedded.

Plex Media Server should be safe because it ships a stripped-down version of FFmpeg in which all decoders are disabled. Jellyfin was fully vulnerable with its default FFmpeg build.

Attack Scenarios and Impact

The PixelSmash chain was demonstrated in self-hosted deployments. Attack flow:

  • The attacker uploads a specially crafted MagicYUV AVI into the Jellyfin library.
  • Jellyfin’s real-time monitor initiates an ffprobe scan of the newly created files.
  • While decoding, an out-of-bounds memory write corrupts the AVBuffer.
  • During FFmpeg’s cleanup stage, the pointers overwritten by the exploit cause system() to be called, spawning the attacker’s shell.
  • The command is executed with Jellyfin’s permissions, giving the attacker remote code execution.

The hijack requires Address Space Layout Randomization (ASLR) to be disabled; otherwise, the exploit won’t work. With or without ASLR and other RCE protection mechanisms, the crash still causes a denial of service: any application parsing the malicious video file will either fail or hang.

A different scenario doesn’t involve any server-side code at all: the malicious video file is seeded in torrents targeting Jellyfin users. If Jellyfin is configured to scan the download folder, the vulnerability is triggered automatically, without user interaction.

No special permissions or credentials are required to exploit the PixelSmash vulnerability, just a way to deliver a media file. Thus, playing videos or scanning for them becomes the attack vector. MagicYUV is a common codec, which means that hundreds of downstream applications will have this security bug in their stack as a transitive dependency.

Fixes and Timeline

Version 8.1.2 was released on June 17, 2026, with a patch that implements sanity checks on the height of each slice to prevent overflow due to bad input. Upgrade, or recompile older versions of FFmpeg without the decoder (--disable-decoder=magicyuv). Jellyfin upgraded its FFmpeg bundle, and PhotoPrism has added file format blocklists to avoid problematic files.

Although the patch was included in FFmpeg 8.1.2 shortly after discovery, limiting the risk window, administrators should do a system-wide check to ensure that all instances are patched. Any system still running an unpatched FFmpeg remains exposed, so scan systems for the presence of the MagicYUV decoder (ffmpeg -decoders | grep magicyuv).

PixelSmash highlights how one small mistake in the parser of one obscure decoder can put a whole ecosystem at risk. Thousands of applications depend on FFmpeg to safely process videos provided by untrusted sources. The takeaway: open-source libraries, even widely used ones, may have long-standing vulnerabilities. Be aware of them when processing video.

Conclusion: When a Video File Becomes an Execution Path

PixelSmash shows how dangerous parser vulnerabilities can become when trusted software processes untrusted media. A crafted AVI, MKV, or MOV file should be harmless content. In this case, it can trigger a MagicYUV heap overflow inside FFmpeg, crash media applications, and under the right conditions turn video processing into remote code execution.

That is what makes this vulnerability so serious. The user may not need to open a suspicious executable. A media server, thumbnail generator, cloud transcoding pipeline, or watched download folder can process the file automatically.

Why This Threat Matters

FFmpeg is deeply embedded across the modern media ecosystem. When a flaw exists inside a common decoder, the attack surface expands far beyond one application.

  • Media servers can trigger the bug during automatic library scans
  • Desktop systems can trigger it through thumbnail generation
  • Cloud video pipelines can process malicious uploads at scale
  • NAS devices and smart TVs may expose embedded FFmpeg components
  • Self-hosted platforms can be attacked without credentials
  • Even when RCE conditions are not met, denial-of-service remains a real operational risk

PixelSmash proves that file parsing is execution risk. When software automatically interprets untrusted content, attackers get a path to the system.

Where Xcitium Changes the Outcome

This attack must be addressed at two points: while vulnerable media processing is still exposed, and before exploit-driven execution can cause damage.

Xcitium Vulnerability Assessment helps teams identify vulnerable FFmpeg versions, exposed media services, and systems that need urgent patching or decoder review.

But patching is not enough when malicious files can reach systems before every dependency is updated.

Xcitium Advanced EDR, powered by Xcitium’s patented Zero-Dwell platform, applies Execution Governance when exploitation attempts turn into unknown tools, scripts, commands, or payloads.

Unknown code does not receive unrestricted execution rights.
Code can run without being able to cause damage.
Runtime behavior is governed before trust exists.

This is Execution Governance in practice.
Control before trust. Enforcement before impact. Proof after control.

Patch the Parser. Govern the Execution Path.

PixelSmash is a reminder that obscure codecs can create enterprise-wide risk when they sit inside widely used software. A single malformed media file can move from upload, scan, preview, or thumbnail generation into crash, compromise, or command execution.

Update FFmpeg immediately.
Review where MagicYUV decoding is enabled.
Govern unknown execution before a media file becomes system impact.

Choose Xcitium Advanced EDR, powered by Xcitium’s patented Zero-Dwell platform, to govern unknown execution before trust exists.
