Skip to content

[BUG] FFmpeg 8.1 is vulernable to CVE-2026-8461 #125

Description

@SergeantPanda

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

The current version of FFmpeg 8.1 is vulnerable to CVE-2026-8461 and needs to be updated to 8.1.2 to resolve.

Expected Behavior

No response

Steps To Reproduce

If you run the following command: ffmpeg -decoders 2>/dev/null | grep magicyuv and get a response similar to this: VFS..D magicyuv MagicYUV video, based on this: https://jfrog.com/blog/pixelsmash-critical-ffmpeg-vulnerability-turns-media-files-into-weapons/ then FFmpeg is vulnerable.

Environment

NA

Docker creation

NA

Container logs

ffmpeg -decoders 2>/dev/null | grep magicyuv
 VFS..D magicyuv             MagicYUV video

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Done

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions