CVE-2026-56210

CVSS Score & Metrics

Base Score

7.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H                                    

Vulnerability Description

A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows setting a spatial_layer_id exceeding the configured number of layers. This causes an out-of-bounds heap read of approximately 40,728 bytes when computing a layer context array index. An attacker who can influence SVC encoder parameters in a network-facing service could exploit this for information disclosure (heap content leak) or denial of service (segmentation fault from hitting unmapped memory).

Vulnerability Details

Published Date

June 19, 2026

Last Modified

June 19, 2026

CWE ID

CWE-125

Source

NVD

Vendor

Red Hat

Product

Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux AI (RHEL AI) 3, Red Hat Hardened Images

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment