Vulnerability DatabaseCVE-2026-56209
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-56209
Published:June 19, 2026
Updated:June 29, 2026
An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel values. The encoder then writes approximately 1,200 bytes at the attacker-controlled address. This is fully deterministic and does not require a separate information leak. An attacker who can supply frames to a network-facing libaom encoder with SVC enabled could exploit this for denial of service or potential code execution.
Affected Packages
https://aomedia.googlesource.com/aom (SCM_GIT):
Affected version(s) >=v0.1.0 <v3.14.0
Fix Suggestion:
Update to version v3.14.0
Related Resources (5)
https://bugzilla.redhat.com/show_bug.cgi?id=2490800
https://aomedia.googlesource.com/aom/+/a93ba0ffaa
https://access.redhat.com/security/cve/CVE-2026-56209
https://issues.chromium.org/issues/503993984
https://access.redhat.com/errata/RHSA-2026:30814
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
HIGH
Weakness Type (CWE)
Out-of-bounds Write
CWE-787
EPSS
Base Score:
0.27