> TritonInfoSec News
Home / Jun 24, 2026 / Story
0
#5 SecurityWeek general June 23, 2026 at 11:48 UTC

FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances

By Ionut Arghire

AI Summary

A newly disclosed FFmpeg vulnerability dubbed 'PixelSmash' allows remote code execution via crafted media files in any application using FFmpeg's libavcodec library, including Jellyfin servers, and can trigger denial-of-service in Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio. Given FFmpeg's ubiquity across media servers, NAS appliances, and video players, the attack surface is extremely broad. Administrators running any of these applications should apply the FFmpeg patch immediately and audit media ingestion pipelines.

Read full article → https://www.securityweek.com/ffmpeg-pixelsmash-fla…

Relevance score: 86.0/100

# More from June 24

  1. 1
    FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation The Hacker News
  2. 2
    Scattered Spider Hackers Plead Guilty on Day 1 of Trial Krebs on Security
  3. 3
    LastPass confirms data breach in Klue supply chain attack BleepingComputer
  4. 4
    Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration The Hacker News
  5. 6
    Five Eyes agencies sound alarm about AI’s threat to cybersecurity The Record
  6. 7
    FFmpeg fixes PixelSmash flaw in widely used video decoder BleepingComputer
  7. 8
    'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows Dark Reading
  8. 9
    Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks BleepingComputer
  9. 10
    WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool The Hacker News