FFmpeg fixes PixelSmash flaw in widely used video decoder

FFmpeg fixed CVE-2026-8461, a high-severity heap out-of-bounds write in the MagicYUV decoder dubbed PixelSmash. The flaw can enable remote code execution on Jellyfin servers under certain conditions and trigger denial-of-service in Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio via malicious AVI, MKV, or MOV files.