CVE-2026-56208
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Summary
A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when g_lag_in_frames is set to 1 or higher. This results in a 232-byte out-of-bounds write on every encoded frame after the second, corrupting adjacent heap objects. An attacker who can influence encoder configuration in a transcoding service or WebRTC session could exploit this to cause a denial of service (process crash) or potentially achieve code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Hardened Images | 3.14.0-0.1.hum1 < * | unaffected |
Weaknesses
- CWE-122: Heap-based Buffer Overflow
Workarounds
There is no complete mitigation for this vulnerability. The following measures can reduce risk:
- If using libaom as a standalone encoder library, avoid setting g_lag_in_frames to values >= 1 when processing untrusted input, or validate all encoder configuration parameters before passing them to the libaom API.
- For Firefox and Thunderbird, ensure browsers are updated to versions that include the patched libaom (v3.14.0 or later).
- For standalone libaom deployments (RHEL-AI, Hummingbird), restrict access to the encoding service to trusted clients only.
- Apply network-level access controls to limit who can submit video for encoding.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
libaom: libaom: heap buffer overflow in AV1 encoder first-pass stats buffer via LAP mode
Additional References
- https://access.redhat.com/security/cve/CVE-2026-56208
- https://bugzilla.redhat.com/show_bug.cgi?id=2490799
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-56208.json
- https://access.redhat.com/errata/RHSA-2026:30814
References
- https://access.redhat.com/errata/RHSA-2026:30814
- https://access.redhat.com/security/cve/CVE-2026-56208
- https://aomedia.googlesource.com/aom/+/243f8ae84b
- https://bugzilla.redhat.com/show_bug.cgi?id=2490799
- https://issues.chromium.org/issues/504317456
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.