FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ffmpeg -- Out-of-bounds write

Affected packages
ffmpeg < 8.1.2

Details

VuXML ID ba8d239f-709f-11f1-a30e-28d2443e6cfa
Discovery 2026-06-18
Entry 2026-06-25

https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159 reports:

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg before version 8.1.2.

References

CVE Name CVE-2026-8461
URL https://github.com/advisories/GHSA-qff7-4q6c-m8h6
URL https://nvd.nist.gov/vuln/detail/CVE-2026-8461