CVE-2026-8461
HIGH
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
Title source: cna
Exploitation Summary
EIP tracks 6 public exploits for CVE-2026-8461. PoCs published by Unclecheng-li, Y5neKO, ray-goldman.
AI-analyzed exploit summary
This repository contains a functional exploit for CVE-2026-8461, a heap out-of-bounds write vulnerability in FFmpeg's MagicYUV decoder. The exploit generates a malicious AVI file that triggers the vulnerability, potentially leading to remote code execution (RCE) under specific heap conditions.
Description
An out-of-bounds write vulnerability in the MagicYUV decoder of FFmpeg's libavcodec library allows denial of service and, in some cases, can be exploited for remote code execution. The vulnerability is associated with the file libavcodec/magicyuv.c. This issue affects FFmpeg before version 8.1.2.
Exploits (6)
This repository contains a functional exploit for CVE-2026-8461, a heap out-of-bounds write vulnerability in FFmpeg's MagicYUV decoder. The exploit generates a malicious AVI file that triggers the vulnerability, potentially leading to remote code execution (RCE) under specific heap conditions.
This repository contains a functional exploit for CVE-2026-8461, a heap out-of-bounds write vulnerability in FFmpeg's MagicYUV decoder. The exploit leverages left-prediction encoding to achieve arbitrary code execution by overwriting the AVBuffer struct and hijacking the free function pointer to execute system commands.
This repository provides a detailed technical writeup and build scripts for creating a patched FFmpeg 8.1.2 binary to address CVE-2026-8461, ensuring compatibility with Jellyfin. It includes build automation, verification steps, and configuration details but does not contain exploit code.
The repository contains a functional exploit PoC for CVE-2026-8461, targeting an out-of-bounds write vulnerability in FFmpeg's MagicYUV decoder. The exploit generates a malicious AVI file that can trigger memory corruption and potentially achieve remote code execution.
The repository lacks actual exploit code or technical details about CVE-2026-8461, instead providing generic setup instructions and a script to download external content. The README is filled with disclaimers and ethical use statements but no substantive vulnerability analysis.
This repository contains a functional exploit for CVE-2026-8461, leveraging an out-of-bounds (OOB) write in FFmpeg's MagicYUV decoder to achieve arbitrary code execution via AVBuffer struct manipulation. The exploit uses left-prediction encoding to precisely overwrite heap structures and hijack control flow.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H