PT-2026-25330 · Debian+3 · Lexbor
Nikita Sveshnikov · Published 2026-01-01 · Updated 2026-03-13 · CVE-2026-29078
CVSS v4.0: 8.2 High
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Lexbor versions prior to 2.7.0
Description
Lexbor is a web browser engine library. Before version 2.7.0, the ISO-2022-JP encoder in Lexbor does not reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with an outdated size of 3 causes an integer underflow that wraps to SIZE_MAX. Subsequently, memcpy is called with a negative length, resulting in an out-of-bounds read from the stack and an out-of-bounds write to the heap. The source data is partially controllable through the contents of the DOM tree.
Recommendations
Versions prior to 2.7.0 should be updated to version 2.7.0 or later.
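The stale-variable pattern from the description, reduced to a small C model as an added example (not Lexbor's code and not part of the advisory). The input alphabet, encode_model and copy_len_ok are hypothetical names, and the rollback-on-failure step is an assumption made so the subtraction has a reason to run.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed input alphabet for this model (not ISO-2022-JP itself):
 *   'a' plain byte, 'E' needs a 3-byte escape and then encodes,
 *   'F' needs the escape but then fails, 'x' fails with no escape. */
enum { ESC_LEN = 3 };

/* Returns bytes used in the output after encoding in[0..n).
 * reset_size == 0 models the stale variable, 1 models the fix. */
size_t encode_model(const char *in, size_t n, int reset_size)
{
    size_t used = 0;
    size_t size = 0;               /* prefix bytes written this iteration */

    for (size_t i = 0; i < n; i++) {
        if (reset_size) {
            size = 0;              /* fix: forget the previous iteration */
        }
        if (in[i] == 'E' || in[i] == 'F') {
            size = ESC_LEN;        /* escape sequence emitted */
            used += size;
        }
        if (in[i] == 'F' || in[i] == 'x') {
            used -= size;          /* roll back the prefix; a stale size wraps */
            continue;
        }
        used += 1;                 /* payload byte */
    }
    return used;
}

/* Defensive guard for any copy whose length comes from such arithmetic. */
int copy_len_ok(size_t len, size_t capacity)
{
    return len <= capacity;
}

int main(void)
{
    const char sample[] = "Fx";    /* constructed input */
    size_t bad = encode_model(sample, 2, 0);
    size_t good = encode_model(sample, 2, 1);

    printf("stale: %zu (ok=%d)\n", bad, copy_len_ok(bad, 16));
    printf("reset: %zu (ok=%d)\n", good, copy_len_ok(good, 16));
    return 0;
}
```

Because size_t is unsigned, the stale subtraction is well-defined wraparound rather than a trap, so the only thing standing between it and memcpy is an explicit bounds check such as copy_len_ok.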
Exploit
Fix
Integer Underflow
Memory Corruption
Related Identifiers
Affected Products
Lexbor