CVE-2026-56210
HIGH 7.1A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows setting a spatial_layer_id exceeding the configured number of layers. This causes an out-of-bounds heap read of approximately 40,728 bytes when computing a layer context array index. An attacker who can influence SVC encoder parameters in a network-facing service could exploit this for information disclosure (heap content leak) or denial of service (segmentation fault from hitting unmapped memory).
Severe if exploited (CVSS 7.1), but no known exploitation and low modeled probability. Patch on a normal cadence.
Exploitation likelihood
0.2%chance of exploitation in 30 days · 16th percentile
Impact if exploited
7.1CVSS 3.1 · HIGH
- ConfidentialityLow
- IntegrityNone
- AvailabilityHigh
What an attacker needs
- ✓Access: Reachable over the network — no local access needed
- ✓Privileges: No account or privileges required
- ⚠User interaction: A user must take an action (click / open a file)
- ✓Complexity: No special conditions — reliably repeatable
✓ lowers the bar for an attacker · ⚠ raises it
Affected
Vendors Red Hat
Products Red Hat Hardened Images Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 9 Red Hat Enterprise Linux Ai (Rhel Ai) 3
Weakness (CWE)
- CWE-125: Out-of-bounds read
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H