CVE-2026-56210— Libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id
Affected Version Matrix 6
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | any | affected |
any | affected | ||
| Red Hat | Red Hat Enterprise Linux 9 | any | affected |
any | affected | ||
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 | any | affected |
| Red Hat | Red Hat Hardened Images | any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-56210
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id
Source: NVD (National Vulnerability Database)
Vulnerability Description
A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows setting a spatial_layer_id exceeding the configured number of layers. This causes an out-of-bounds heap read of approximately 40,728 bytes when computing a layer context array index. An attacker who can influence SVC encoder parameters in a network-facing service could exploit this for information disclosure (heap content leak) or denial of service (segmentation fault from hitting unmapped memory).
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 | |
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 | - | cpe:/a:redhat:enterprise_linux_ai:3 | |
| Red Hat | Red Hat Hardened Images | - | cpe:/a:redhat:hummingbird:1 |
II. Public POCs for CVE-2026-56210
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-56210
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-56210 (2)
Vendor Advisories for CVE-2026-56210 (1)
Other References for CVE-2026-56210 (1)
Same Patch Batch · Red Hat · 2026-06-19 · 6 CVEs total
| CVE-2026-56208 | 7.6 HIGH | Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode |
| CVE-2026-56211 | 7.1 HIGH | Libaom: libaom: remote code execution via svc layer context handling with attacker-control |
| CVE-2026-56209 | 7.1 HIGH | Libaom: libaom: arbitrary address write via svc layer context oob and cyclic refresh map p |
| CVE-2026-12706 | 6.5 MEDIUM | Ffmpeg: ffmpeg: heap use-after-free read in rasc decoder decode_move() |
| CVE-2026-12726 | 6.3 MEDIUM | Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses |
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 10
- CVE-2026-12892
Gstreamer1-plugins-bad: gstreamer1-plugins-bad: 1-byte heap - CVE-2026-12891
Gstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffe - CVE-2026-11820
Community.general: community.general nexmo — api credentials - CVE-2026-11819
Community.general: community.general keyring_info — os keyri - CVE-2026-12969
Dnsmasq: dnsmasq: out-of-bounds read in find_soa() due to mi
Same vendor: Red Hat
- CVE-2026-13325
Virt-handler-rhel9: kubevirt: kubevirt: disabletls migration - CVE-2026-13322
Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-ser - CVE-2026-13083
Pen-drive: pen-drive: stored xss via unescaped cluster data - CVE-2026-13318
Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-fo - CVE-2026-13218
Kubevirt: kubevirt: symlink following in writetocachedfile a
Same weakness: CWE-125
- CVE-2026-12340
Out-of-bounds heap read in SM2/SM3 certificate Subject Key I - CVE-2026-56788
RTKLIB 2.4.3 - Out-of-bounds Read via Negative Array Index i - CVE-2026-12897
Out-of-bounds read in Horner Automation Cscape - CVE-2026-6094
Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing - CVE-2026-57451
Vim: Out-of-bounds Read in Text Property Count
V. Comments for CVE-2026-56210
No comments yet