OSV-2026-97

Import Source

JSON Data

https://api.osv.dev/v1/vulns/OSV-2026-97

Published

2026-01-21T00:09:09.897624Z

Modified

2026-01-28T14:23:52.198239Z

Summary

Heap-buffer-overflow in vpx_wb_write_literal

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476466137

Crash type: Heap-buffer-overflow WRITE 1
Crash state:
vpx_wb_write_literal
vp9_pack_bitstream
encode_frame_to_data_rate

References

Affected packages

Type: GIT
Repo: https://chromium.googlesource.com/webm/libvpx
Events: Introduced

f72b9f6a85fdc4fbbec6402146fb653130330e8f

Fixed

d5f35ac8d93cba7f7a3f7ddb8f9dc8bd28f785e1

Fixed

5de804c9b4d8d24882a31f5be287f1f688729db5

v1.*

v1.16.0

v1.16.0-rc1

{
    "severity": "HIGH"
}

fixed_range

"807c698468ee6264d6b206d74b9465b5acd97b5c:5de804c9b4d8d24882a31f5be287f1f688729db5"

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvpx/OSV-2026-97.yaml"