7.6

CVE-2026-56208

Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when g_lag_in_frames is set to 1 or higher. This results in a 232-byte out-of-bounds write on every encoded frame after the second, corrupting adjacent heap objects. An attacker who can influence encoder configuration in a transcoding service or WebRTC session could exploit this to cause a denial of service (process crash) or potentially achieve code execution.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
Produkt Red Hat Hardened Images
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat AI Inference Server
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux AI (RHEL AI) 3
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift AI (RHOAI)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10
Default Statusunaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.192
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.6 2.8 4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.6 2.8 4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://aomedia.googlesource.com/aom/+/243f8ae84b
https://bugzilla.redhat.com/show_bug.cgi?id=2490799
https://issues.chromium.org/issues/504317456
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-56208.json
https://access.redhat.com/errata/RHSA-2026:30814
https://access.redhat.com/security/cve/CVE-2026-56208