VYPR
patch · Published Jun 22, 2026 · 1 source

FFmpeg Patches 'PixelSmash' MagicYUV Heap Overflow Affecting Jellyfin, Kodi, OBS, and More

FFmpeg version 8.1.2 fixes CVE-2026-8461, a high-severity heap out-of-bounds write in the MagicYUV decoder that can enable remote code execution on Jellyfin servers and denial-of-service across dozens of media applications.

FFmpeg has released version 8.1.2 to patch a high-severity vulnerability in its MagicYUV decoder, tracked as CVE-2026-8461 and dubbed 'PixelSmash.' The flaw, a heap out-of-bounds write, carries a CVSS score of 8.8 and affects any application relying on FFmpeg's libavcodec library for video decoding. Researchers at JFrog discovered the bug and demonstrated that it can lead to remote code execution on Jellyfin media servers under specific conditions, as well as reliable denial-of-service in popular software including Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio.

The root cause lies in an inconsistency between how the frame allocator and the MagicYUV decoder compute chroma plane heights when processing slices—independent regions of a video frame. By crafting a malicious video file in AVI, MKV, or MOV format, an attacker can trigger a one-row heap buffer overflow. The vulnerability is exploitable whenever a user opens such a file, browses a directory containing it (triggering thumbnail generation), or runs any automated media ingestion workflow.

JFrog researcher Yuval Moravchick achieved full remote code execution against a Jellyfin 10.11.9 server by seeding a malicious AVI file into the media library. Jellyfin's automatic ffprobe metadata scan triggered the overflow, allowing the attacker to hijack the AVBuffer.free function to execute arbitrary commands as the jellyfin service user. However, the RCE exploit requires Address Space Layout Randomization (ASLR) to be disabled; the researcher noted that chaining PixelSmash with a separate information-disclosure bug in FFmpeg's FlashSV decoder could theoretically bypass ASLR.

Even without RCE, CVE-2026-8461 reliably causes denial-of-service on vulnerable targets. Applications like Kodi, OBS Studio, PhotoPrism, and GNOME/KDE/XFCE thumbnail generators use FFmpeg with the MagicYUV decoder enabled by default. Messaging platforms such as Slack, Discord, Telegram, and WhatsApp also use FFmpeg for server-side video previews and may be susceptible, though they were not tested by JFrog.

Plex, the most popular media server, uses a custom FFmpeg build with decoders disabled and a minimal allowlist, effectively mitigating the risk. Jellyfin has updated its bundled FFmpeg version, and PhotoPrism is working on adding a file format blocklist. Nextcloud declined to address the flaw, stating it exists outside of Nextcloud. JFrog reported the vulnerability to the FFmpeg security team on May 13, and the fix was released in version 8.1.2 on June 17.

The researchers warn that PixelSmash has a massive attack surface because the MagicYUV decoder is present in hundreds of projects that trust FFmpeg to handle untrusted input safely, turning the vulnerability into a supply-chain problem. Users are urged to update FFmpeg to version 8.1.2 or later immediately, and organizations using affected applications should apply patches as soon as they become available.
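
A triage check for the update advice above, as an added example that is not code from FFmpeg, JFrog or this article: it reports whether a given FFmpeg binary has the `magicyuv` decoder built in and whether its release number is below 8.1.2. The function names and status strings are assumptions of this example; the inputs are the text printed by `ffmpeg -version` and `ffmpeg -decoders`.

```shell
#!/bin/sh
# Added example (not FFmpeg or JFrog code): triage one FFmpeg binary for CVE-2026-8461.
FIXED="8.1.2"            # fixed release named in the article
FFMPEG="${1:-ffmpeg}"    # pass the path of a bundled binary to check that one

# Print the dotted release number from the first line of `ffmpeg -version`.
# Prints nothing for git or dated snapshot builds, which carry no release number.
parse_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^ff[a-z]* version n\{0,1\}\([0-9][0-9]*\.[0-9][0-9.]*\).*/\1/p'
}

# Succeed when dotted version $1 is strictly lower than $2 (numeric, per field).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Succeed when `ffmpeg -decoders` output lists a video decoder named magicyuv.
has_magicyuv() {
    printf '%s\n' "$1" | grep -Eq '^ *V[A-Z.]{5} +magicyuv( |$)'
}

# $1 = `ffmpeg -version` output, $2 = `ffmpeg -decoders` output.
classify() {
    if ! has_magicyuv "$2"; then echo "not-exposed"; return 0; fi
    v=$(parse_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"            # snapshot build: check the build's commit history
    elif version_lt "$v" "$FIXED"; then
        echo "needs-review"       # older release: patch, unless the vendor backported the fix
    else
        echo "at-or-above-fix"
    fi
}

if command -v "$FFMPEG" >/dev/null 2>&1; then
    classify "$("$FFMPEG" -version 2>/dev/null)" \
             "$("$FFMPEG" -hide_banner -decoders 2>/dev/null)"
fi
```

Applications that bundle their own FFmpeg need that binary's path passed as the first argument. `needs-review` is a prompt to check with the vendor rather than a verdict, since the article does not say which older builds carry the bug or a backported fix.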

Synthesized by Vypr AI