OSV-2026-889

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvpx/OSV-2026-889.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-889
Published
2026-06-08T00:20:52.435198Z
Modified
2026-06-08T00:20:52.435472Z
Summary
Use-of-uninitialized-value in vp8_compute_skin_block
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=520701729

Crash type: Use-of-uninitialized-value
Crash state:
vp8_compute_skin_block
encode_frame_to_data_rate
vp8_get_compressed_data
References

Affected packages

OSS-Fuzz / libvpx

Package

Name
libvpx
Purl
pkg:generic/libvpx

Affected ranges

Type
GIT
Repo
https://chromium.googlesource.com/webm/libvpx
Events
Introduced
49dd8ff38aaf06024cfea9d3e74d33592cc443a2
Fixed
9794f877a3e380ecd57b735b81fe94ab368f6748

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

introduced_range 
"908e88c1aa6a12a86feb5d36a919c219c42f1e2c:f662898c395f824058c997885c66c2c4c5e6e69c"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvpx/OSV-2026-889.yaml"