News Security FFmpeg patches “PixelSmash” in MagicYUV: what users of media apps should know June 23, 2026 / June 23, 2026 by Alex Mira | Leave a Comment FFmpeg fixed “PixelSmash” (CVE-2026-8461) in the MagicYUV decoder, a flaw that can crash applications and, under specific conditions, enable RCE. A separate RASC decoder bug (CVE-2026-12706) can also cause crashes when parsing malicious AVI files. Read more » CVE-2026-12706 CVE-2026-8461 FFmpeg Jellyfin MagicYUV Media security Supply chain Vulnerabilities
