Impact
A flaw in libaom’s AV1 encoder Look‑Ahead Processing bypasses a ring buffer guard when the configuration parameter g_lag_in_frames is set to 1 or higher. Each encoded frame after the second triggers a 232‑byte out‑of‑bounds write that corrupts adjacent heap objects. The weakness is a classic heap buffer overflow (CWE‑122) that can lead to a process crash for denial of service or, under the right circumstances, arbitrary code execution. The CVSS score of 7.6 indicates high risk, though no EPSS data is available and the vulnerability is not listed in the CISA KEV catalog.
Affected Systems
Affected products include Red Hat Enterprise Linux 9 and 10, Red Hat Enterprise Linux AI 3, Red Hat Hardened Images, and the Hummingbird image repository, all of which embed libaom in packaged form. Exact version numbers are not provided, but any distribution that ships libaom without the v3.14.0+ patch is impacted.
Risk and Exploitability
Exploitation requires an attacker to influence the encoder configuration of a transcoding service or WebRTC session. By supplying g_lag_in_frames values of 1 or higher with untrusted input, an attacker can cause the overflow and trigger a denial of service or, if conditions allow, convert the heap corruption into code execution. The lack of EPSS data suggests that exploitation is feasible but may not be widespread yet; however, the high CVSS score and the potential for code execution warrant prompt remediation.
OpenCVE Enrichment