PixelSmash: Heap Out-of-Bounds Write in FFmpeg MagicYUV Decoder

Repository contains a single Python exploit generator and a README. The main file, CVE-2026-8461.py, is a standalone Python 3 proof-of-concept/operational exploit builder for a claimed FFmpeg MagicYUV decoder out-of-bounds write vulnerability (CVE-2026-8461, 'PixelSmash'). The script constructs a minimal MagicYUV frame inside an AVI container, deliberately using SLICE_HEIGHT=31 and crafted chroma-plane data to trigger an out-of-bounds write during decoding. Its exploitation strategy is more than a crash PoC: it embeds an attacker-supplied shell command into a heap-shaped payload, preserves optional glibc metadata, and overwrites fields resembling an AVBuffer structure so that a function pointer/free callback is replaced with system() and the opaque pointer references the command buffer. The script supports target-specific calibration through a JSON file or direct CLI parameters for system() and command heap addresses, indicating an attempt at practical RCE under controlled conditions. Repository structure is minimal: README.md documents the vulnerability, impact, affected software, and mitigation; CVE-2026-8461.py is the only code file and clear entry point. No network communication, C2, or remote endpoints are present in the code; delivery is via a malicious media file, making the primary attack vector file-based against applications or services that automatically decode MagicYUV/FFmpeg content.

Repository contains a working Python-based exploit PoC for CVE-2026-8461 ('PixelSmash'), a heap out-of-bounds write in FFmpeg's MagicYUV decoder. The repo structure is straightforward: two detailed analysis documents (English and Chinese), a README with usage instructions, and three Python scripts comprising the exploit workflow. `exploit_cve_2026_8461.py` is the main payload generator that crafts a malicious AVI with MagicYUV frame geometry chosen to force a 640-byte OOB write from the Cb plane on the final slice. It uses inverse left-prediction encoding so the decoded bytes in heap memory become attacker-chosen values, then overwrites AVBuffer fields to redirect `free` to `system()` and point `opaque` at an embedded shell command string. `auto_calibrate.py` supports debug-symbol FFmpeg builds by driving GDB with source breakpoints at `magicyuv.c:291`, dumping heap-adjacent memory, locating AVBuffer structures, and extracting the `system()` address. `auto_calibrate_nosym.py` performs similar calibration for stripped dynamically linked builds by breaking on exported `av_buffer_create`, identifying Cb/Cr allocations, setting a hardware watchpoint on the expected OOB start, and reconstructing heap metadata from the dump. The exploit is not framework-based and is more than a detector: it is an operational PoC with a hardcoded exploitation strategy and customizable shell-command payload. Primary attack vector is file-based delivery of a crafted AVI to any application that fully decodes MagicYUV content via vulnerable FFmpeg/libavcodec. The README explicitly notes that probe-only paths such as `ffprobe` or `ffmpeg -i file` without output do not trigger the final execution path. Practical exploitation is constrained: tested on x86_64, depends on glibc heap layout, requires ASLR disabled, and calibration is specific to binary build, libc version, and even AVI path length. Notable fingerprintable artifacts include `/tmp/exploit.avi`, `calibration.json`, `/tmp/pwned`, the vulnerable source path `libavcodec/magicyuv.c`, and an example reverse-shell callback target `10.0.0.1:4444` embedded only as sample payload text.

Repository contains a README and a single Python exploit generator, exploit_cve_2026_8461.py. The script is not a scanner or detector; it builds crafted AVI files intended to exploit CVE-2026-8461 in FFmpeg's MagicYUV decoder. The stated exploit chain is a heap out-of-bounds write leading to corruption of an adjacent AVBuffer structure, overwriting its free callback with system() and arranging a heap-resident command string so cleanup triggers arbitrary command execution. The code structure includes helper packing/unpacking routines, left-prediction encode/decode logic to shape pixel bytes into desired post-decode memory contents, a TargetCalibration dataclass for target-specific offsets and addresses, frame-building logic for malicious MagicYUV content, AVI container construction, calibration support, and a CLI main() routine. The exploit supports two modes: a baseline crash/OOB mode and a calibrated RCE mode. The baseline mode generates a file expected to crash or corrupt memory on vulnerable FFmpeg. The RCE mode requires explicit parameters such as system() address, heap command address, AVBuffer offset, and optionally calibration JSON/glibc metadata. Operationally, the exploit is file-based: the attacker delivers a malicious AVI and waits for a local ffmpeg process to decode it. The script assumes a narrow target environment: ASLR disabled, glibc malloc allocator, calibrated heap layout, and a vulnerable unpatched FFmpeg build. Because the payload is an attacker-provided shell command but relies on hardcoded addresses and manual calibration rather than a reusable framework, the maturity is best classified as OPERATIONAL rather than WEAPONIZED.