JLSEC-2026-122

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-122.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-122.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-122
Upstream
Published
2026-04-16T23:30:44.982Z
Modified
2026-04-16T23:45:06.000711Z
Summary
[none]
Details

Integer overflow in libaom internal function imgallochelper can lead to heap buffer overflow. This function can be reached via 3 callers:

  • Calling aomimgalloc() with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aomimaget struct may be invalid.
  • Calling aomimgwrap() with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aomimaget struct may be invalid.
  • Calling aomimgallocwithborder() with a large value of the dw, dh, align, sizealign, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aomimage_t struct may be invalid.
Database specific 
{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "modified": "2024-11-21T09:47:07.493Z",
            "imported": "2026-04-16T21:59:42.822Z",
            "database_specific": {
                "status": "Modified"
            },
            "published": "2024-06-05T20:15:13.800Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5171",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-5171",
            "id": "CVE-2024-5171"
        }
    ]
}
References

Affected packages

Julia / libaom_jll

Package

Name
libaom_jll
Purl
pkg:julia/libaom_jll?uuid=a4ae2306-e953-59d6-aa16-d00cac43593b

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.11.0+0

Database specific

source 
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-122.json"