CVE-2026-56209 | An arbitrary address write vulnerability was found in libaom… | CVSS 7.1 HIGH

Description

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel values. The encoder then writes approximately 1,200 bytes at the attacker-controlled address. This is fully deterministic and does not require a separate information leak. An attacker who can supply frames to a network-facing libaom encoder with SVC enabled could exploit this for denial of service or potential code execution.

Metadata

CVE ID: CVE-2026-56209
State: PUBLISHED
Assigner: redhat
Reserved: 2026-06-19 15:50 UTC
Published: 2026-06-19 16:28 UTC
Last updated: 2026-06-19 17:47 UTC
Primary CWE: CWE-787
Out-of-bounds Write
Vendor / Product: Red Hat / Red Hat Enterprise Linux 10
Sources: cve.org · NVD

Severity & Metrics

7.1 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Affected products (6)

Vendor	Product	Platform	Versions
Red Hat	Red Hat Enterprise Linux 10	—	—
Red Hat	Red Hat Enterprise Linux 10	—	—
Red Hat	Red Hat Enterprise Linux 9	—	—
Red Hat	Red Hat Enterprise Linux 9	—	—
Red Hat	Red Hat Enterprise Linux AI (RHEL AI) 3	—	—
Red Hat	Red Hat Hardened Images	—	—

Weakness (CWE)

CWE	Source	Description
CWE-787	cna	Out-of-bounds Write

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.1	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

References (4)