PixelSmash flaw turns video files into attack tools

A newly discovered vulnerability in FFmpeg’s MagicYUV decoder can turn a tiny, malformed video into a foothold for attackers. Researchers have disclosed PixelSmash, a critical vulnerability tracked as CVE-2026-8461, in FFmpeg’s MagicYUV video decoder with a CVSS score of 8.8. By crafting a...

FFmpeg < 8.1.2 Out-of-Bounds Write (CVE-2026-8461)

The version of FFmpeg installed on the remote host is prior to 8.1.2. It is, therefore, affected by an out-of-bounds write vulnerability: - An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can b...

CVE-2026-8461 Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg befor...

CVE-2026-8461

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg befor...

CVE-2025-8461

creationtimestamp| type| source ---|---|--- 2026-02-03 10:00:16+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdx42ssepk2x...

EUVD-2025-8461

Malicious code in bioql PyPI...

CVE-2024-8461

A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. T...

CVE-2019-8461

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with...

CVE-2024-8461

creationtimestamp| type| source ---|---|--- 2024-09-05 16:22:20+00:00| seen| https://t.me/cvedetector/4917...

CVE-2024-8461

The CVE-2024-8461 case concerns D-Link DNS-320 firmware 2.02b01 where the Web Management Interface file /cgi-bin/discovery.cgi mishandles access, enabling information disclosure. Documents state the vulnerability can be triggered remotely and that public exploits exist. The affected product is en...

K30673534: BIND vulnerability CVE-2015-8461

Security Advisory Description Beginning with the September 2015 maintenance releases 9.9.8 and 9.10.3, an error was introduced into BIND 9 which can cause a server to exit after encountering an INSIST assertion failure in resolver.c. CVE-2015-8461 Impact There is no impact; F5 products are not...

Slackware: Security Advisory (SSA:2015-349-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows RRAS Service MIBEntryGet Overflow Exploit

This Metasploit module exploits an overflow in the Windows Routing and Remote Access Service RRAS to execute code as SYSTEM. The RRAS DCERPC endpoint is accessible to unauthenticated users via SMBv1 browser named pipe on Windows Server 2003 and Windows XP hosts; however, this module targets Windo...

CVE-2017-8461

creationtimestamp| type| source ---|---|--- 2021-03-05 10:08:41+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/smbrraserraticgopher.rb 2024-10-14 21:44:46+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/508 2025-02-06...

Microsoft Windows RRAS Service MIBEntryGet Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows RRAS Service MIBEntryGet Overflow', 'Description' = %q This module exploits an overflow in the Windows Routing and Remote Acces...

CVE-2020-8465

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass CVE-2020-8461 and authentication bypass CVE-2020-8464 to execute code as user root...

CVE-2020-8461

CVE-2020-8461 describes a CSRF protection bypass in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2. An attacker could induce a victim to make a specially encoded request without a valid CSRF token, effectively bypassing CSRF protections. This affects IWSVA 6.5 SP2; CVSS metrics indi...

Check Point Local Privilege Escalation

The remote host is running a version of Checkpoint Endpoint Security Initial Client. that is vulnerable to a local privilege escalation vulnerability. The vulnerability exists because vulnerable versions attempt to load a DLL that is placed in any PATH location on a clean install. An attacker cou...

Security Bulletin: IBM i is affected by networking BIND vulnerabilities.

Summary ISC BIND is vulnerable to several security vulnerabilities. Vulnerability Details CVEID: CVE-2015-8000 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error in db.c when parsing incoming responses. A remote attacker could exploit this vulnerability to trigger a...

Check Point Response to CVE-2019-8461 - Endpoint Security Initial Client

...