> TritonInfoSec News
Home / Jun 24, 2026 / Story
0
#7 BleepingComputer general June 22, 2026 at 21:05 UTC

FFmpeg fixes PixelSmash flaw in widely used video decoder

By Bill Toulas

AI Summary

The FFmpeg PixelSmash flaw enables RCE on Jellyfin servers under specific conditions and DoS in widely deployed platforms including Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio through specially crafted media files parsed by libavcodec. A patch has been issued and is available in the latest FFmpeg release. The breadth of affected consumer and enterprise media applications makes this a high-priority patching item for both home lab operators and enterprise media infrastructure teams.

Read full article → https://www.bleepingcomputer.com/news/security/ffm…

Relevance score: 83.0/100

# More from June 24

  1. 1
    FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation The Hacker News
  2. 2
    Scattered Spider Hackers Plead Guilty on Day 1 of Trial Krebs on Security
  3. 3
    LastPass confirms data breach in Klue supply chain attack BleepingComputer
  4. 4
    Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration The Hacker News
  5. 5
    FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances SecurityWeek
  6. 6
    Five Eyes agencies sound alarm about AI’s threat to cybersecurity The Record
  7. 8
    'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows Dark Reading
  8. 9
    Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks BleepingComputer
  9. 10
    WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool The Hacker News