OSV-2026-872

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvpx/OSV-2026-872.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-872
Published
2026-06-07T00:09:18.197776Z
Modified
2026-06-07T00:09:18.198072Z
Summary
Use-of-uninitialized-value in vpx_variance16x16_avx2
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=520181861

Crash type: Use-of-uninitialized-value
Crash state:
vpx_variance16x16_avx2
vp8_pick_intra_mode
vp8cx_encode_intra_macroblock
References

Affected packages

OSS-Fuzz / libvpx

Package

Name
libvpx
Purl
pkg:generic/libvpx

Affected ranges

Type
GIT
Repo
https://chromium.googlesource.com/webm/libvpx
Events
Introduced
49dd8ff38aaf06024cfea9d3e74d33592cc443a2
Fixed
9794f877a3e380ecd57b735b81fe94ab368f6748

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

introduced_range 
"908e88c1aa6a12a86feb5d36a919c219c42f1e2c:f662898c395f824058c997885c66c2c4c5e6e69c"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvpx/OSV-2026-872.yaml"