A hole in the widely used FFmpeg codec could crash media servers or enable RCE

A critical vulnerability recently discovered in the FFmpeg media processing framework affects a large number of open source and commercial applications, and underlines the need for CSOs to have strategies for dealing with software supply chain vulnerabilities, including requiring a software bill of materials for every product.
Discovered by researchers at JFrog, the hole (CVE-2026-8461) is an out-of-bounds write in the MagicYUV encoder that can crash any application using the framework. It affects everything from desktop video players like Kodi and mpv, to Linux file manager icon generators, to cloud transcoding pipelines (such as AWS MediaConvert and Cloudflare Stream) and hosted media servers.
The bug has been dubbed PixelSmash.
“The vulnerability can be used to crash systems and, in extreme cases, can be escalated to remote code execution, which means it should be taken seriously and prioritized by security teams and developers,” Yuval Moravchik, who leads JFrog’s vulnerability research team, said in an email. “CSOs and developers should ensure that their application security products alert them to the existence of these vulnerabilities, the sooner the better.”
The researchers said they demonstrated a full exploit, achieving remote code execution against two independent targets: the Jellyfin media server (via its automatic library scan) and an instance of the Nextcloud collaboration platform (via its video preview provider), in both cases by simply uploading a 50 KB malformed AVI file.
In fact, any malformed media file (in an AVI, MKV, or MOV container) will trigger the flaw in any application that uses FFmpeg’s libavcodec. Even opening the folder containing the file is dangerous, because the file manager’s thumbnail generator will trigger the bug.
“All it takes is processing a single malicious media file,” the researchers said.
There is one workaround: if the MagicYUV decoder is not needed, developers can disable it at build time.
However, Garrett Calpouzos, principal security researcher at Sonatype, doubts exploitation will become widespread. “I would be surprised to see widespread, reliable exploitation of this bug in a modern, robust environment,” he told CSO in an email. “The most immediate real danger is denial-of-service (DoS), especially for services that process untrusted media on a large scale.”
Regardless, FFmpeg users should upgrade to the patched version (8.1.2) as soon as possible if they know it’s in their systems or are notified by vendors.
Basic dependency
JFrog notes that FFmpeg is integrated into or linked by almost every media processing application on every platform. It confirmed crashes in Kodi, mpv, ffmpegthumbnailer (used by GNOME, KDE, and XFCE), Jellyfin, Emby, Nextcloud, Immich, PhotoPrism, and OBS Studio, among others.
The vulnerability is a single flaw in one codec inside FFmpeg, but FFmpeg is a core dependency embedded in hundreds of cross-platform projects across every operating system, all of which integrate libavcodec, the open source library that provides FFmpeg’s basic audio and video encoding and decoding capabilities.
None of the affected projects introduced the bug, the researchers note; they quietly inherit it through their reliance on FFmpeg. And many, they add, have no way to detect or mitigate it independently.
This is not the first security issue in FFmpeg. As researchers at DepthFirst said earlier this month, Google’s Big Sleep team uncovered 13 vulnerabilities, while Anthropic, using its Claude Mythos preview model, found a 16-year-old hole. In April, researchers at SentinelOne described a buffer overflow vulnerability, and last December researchers at ZeroPath reported finding seven memory vulnerabilities.
Combating supply chain vulnerability
Software supply chain vulnerability arising from weaknesses in third-party libraries and open source components has long been recognized as a security risk. Arguably the most infamous example is the 2020 compromise of the update mechanism for the SolarWinds Orion IT infrastructure management platform, where a Russian threat group known as APT20/Cozy Bear inserted a backdoor into an official update shipped to 18,000 customers, although a much smaller group was actually exploited.
To combat supply chain vulnerabilities, experts say developers need to implement techniques to test code before it is deployed. These include software composition analysis, which provides visibility into software dependencies, static application security testing, container scanning, and obtaining or generating a software bill of materials (SBOM).
SBOMs are important
SBOMs are easy to create when developers are building their own application. They are much harder to obtain for downloaded or commercial programs.
Johannes Ullrich, director of research at the SANS Institute, told CSO that transparent declaration of dependencies through SBOMs is essential if organizations are to accurately understand the risks posed by the software they run. Commercial software vendors in particular are often reluctant to disclose components; the perceived value that commercial software tries to project often sits uneasily with the fact that it is frequently a wrapper around commonly used open source components.
One of the problems with the PixelSmash vulnerability, he pointed out, is that an application’s use of FFmpeg is often neither visible nor announced. An SBOM can help CSOs or heads of development groups quickly learn whether any of their applications are affected.
What will it take to encourage CSOs to make SBOMs part of their security strategies? “Regulation to comply with,” Ullrich replied. “These changes are generally only made if compliance requires them. Some pressure may come from government customers who require SBOMs, but again, that will only happen if compliance requires this as part of procurement guidelines.”
Lesson: Control of the attack surface
Sonatype’s Calpouzos said one big business lesson from the PixelSmash disclosure is the importance of managing the attack surface. MagicYUV is a lossless video format used more in high-end video editing workflows than in standard web video delivery, he pointed out, yet FFmpeg is often built with all decoders enabled, which means many applications end up exposing codecs they may not really need. Infosec teams need to ensure that applications enable only the formats and features their organization actually uses.
“That’s where SBOMs are important,” he added. “Most organizations don’t have a full understanding of where FFmpeg is embedded, whether it’s statically or dynamically linked, or what optional features are enabled. An SBOM helps security teams go from ‘Are we exposed?’ to ‘Where are we exposed, and how quickly can we fix it?’ In the age of AI, attackers and researchers alike can scour open source projects for overlooked vulnerabilities in obscure features, so organizations need to know what they’re shipping, limit what they expose, keep automated security controls enabled, and fast-track.”
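The SBOM triage Ullrich and Calpouzos describe can be automated against a CycloneDX document. The script below is an added example, not tooling from JFrog, Sonatype, or the FFmpeg project; the component names it matches on and the SBOM it parses are constructed assumptions, and the only page-sourced value is the patched release, 8.1.2.

```python
"""Triage a CycloneDX SBOM for FFmpeg / libavcodec components older than the
patched release named in the article (8.1.2).  Example code, not any vendor's
tooling; the SBOM at the bottom is constructed for illustration."""
import json
import re

PATCHED = "8.1.2"  # fixed FFmpeg release named in the article
# Component names under which FFmpeg commonly appears in an SBOM (assumption)
FFMPEG_NAMES = {"ffmpeg", "libavcodec", "libavcodec-dev", "libavcodec60"}


def parse_version(v):
    """Turn '7.1', '8.1.2' or a distro string like '7:6.1.1-3ubuntu5' into a
    comparable tuple of ints, dropping the epoch and packaging suffix.
    An empty or unparseable version yields (0,), i.e. it compares as old."""
    core = v.split(":")[-1].split("-")[0].split("+")[0]
    nums = re.findall(r"\d+", core)
    return tuple(int(n) for n in nums) or (0,)


def is_affected(version, patched=PATCHED):
    """True when the component version is older than the patched release.
    A missing version is treated as affected so it is not silently skipped."""
    return parse_version(version) < parse_version(patched)


def ffmpeg_findings(sbom):
    """Walk a CycloneDX dict and return (name, version, affected) for every
    component whose name or purl points at FFmpeg or libavcodec."""
    findings = []
    for comp in sbom.get("components", []):
        name = (comp.get("name") or "").lower()
        purl = (comp.get("purl") or "").lower()
        if name in FFMPEG_NAMES or "ffmpeg" in purl or "libavcodec" in purl:
            ver = comp.get("version") or ""
            findings.append((comp.get("name"), ver, is_affected(ver)))
    return findings


# Constructed SBOM: a media server that embeds FFmpeg 7.1 and a desktop tool
# linked against an already-patched distro libavcodec.
SAMPLE_SBOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "ffmpeg", "version": "7.1",
     "purl": "pkg:generic/ffmpeg@7.1"},
    {"type": "library", "name": "libavcodec", "version": "8.1.2",
     "purl": "pkg:deb/debian/libavcodec@8.1.2"},
    {"type": "library", "name": "sqlite", "version": "3.45.0"}
  ]}""")

if __name__ == "__main__":
    for name, ver, bad in ffmpeg_findings(SAMPLE_SBOM):
        print(f"{name} {ver}: {'AFFECTED, upgrade' if bad else 'ok'}")
```

Point the script at a real SBOM by replacing SAMPLE_SBOM with json.load() of the vendor-supplied file; components that match but carry no version are flagged so they get a manual look.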
Recommendations for SBOMs
The US Cybersecurity and Infrastructure Security Agency (CISA) has published a suggested list of minimum elements that should be included in a software bill of materials.
“An effective way to share and use software data must be automated and analyzable,” it notes. “The SBOM model achieves both by capturing software component data in a machine-processable format and supporting functions that analyze, share, and control it. SBOM data can be mapped to other data sources such as security advisories or organization-level ‘approved/disapproved’ software databases to improve other key processes (e.g., secure software development). SBOMs will not solve all software supply chain concerns, but they are a necessary step that enables informed, risk-based security decisions.”
Separately, last month the G7 cybersecurity working group, which includes the US, Germany, Canada, France, Italy, Japan, the United Kingdom and the European Union, issued joint guidance, Software Bill of Materials for AI – Minimum Elements, to help public and private sector stakeholders improve transparency in their artificial intelligence (AI) systems and supply chains.
However, JFrog’s Moravchik says that while an SBOM is an important first step, it is only the beginning of more secure applications. “Strong teams pair it with ongoing CVE mapping and exploit analysis, scan at the binary level where these dependencies reside, and disable codecs and features they don’t use,” he told CSO.
Infosec leaders must also move from being reactive to being proactive, he said. That means moving security policy upstream so that vulnerabilities are blocked at the door, with automated governance of every package, model, and agent tool that enters the pipeline, paired with AI-powered threat detection, rather than patching in the wild after a CVE drops.