PT-2026-35334 · Julia · Libaom Jll

Published 2026-04-16 · Updated 2026-04-16

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers:
  • Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
  • Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
  • Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
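
The bug class described above, shown as an added example on a simplified model (one 8-bit plane, stride rounded up to a power-of-two align); this is not libaom's code or its fix. The names plane_size_unchecked, plane_size_checked and MAX_PLANE_BYTES are hypothetical, and the inputs are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy cap on one plane's size; not a libaom constant. */
#define MAX_PLANE_BYTES ((uint64_t)1 << 30)

/* Unchecked: 32-bit arithmetic wraps silently on large inputs. */
static uint32_t plane_size_unchecked(uint32_t d_w, uint32_t d_h, uint32_t align) {
  uint32_t stride = (d_w + align - 1) & ~(align - 1); /* rounding can wrap */
  return stride * d_h;                                /* product can wrap */
}

/* Checked: validate align, compute in 64 bits, bound every intermediate. */
static bool plane_size_checked(uint32_t d_w, uint32_t d_h, uint32_t align,
                               size_t *out) {
  if (d_w == 0 || d_h == 0) return false;
  if (align == 0 || (align & (align - 1)) != 0) return false;
  uint64_t mask = (uint64_t)align - 1;
  uint64_t stride = ((uint64_t)d_w + mask) & ~mask;
  if (stride > UINT32_MAX) return false; /* stride field would not fit */
  uint64_t size = stride * d_h;          /* < 2^64 since both are < 2^32 */
  if (size > MAX_PLANE_BYTES) return false;
  *out = (size_t)size;
  return true;
}

int main(void) {
  /* Constructed inputs: one normal frame, two that wrap in 32 bits. */
  const uint32_t cases[][3] = {
      {1920, 1080, 32}, {0x10000, 0x10000, 1}, {0xFFFFFFF1u, 16, 32}};
  for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
    size_t sz = 0;
    bool ok = plane_size_checked(cases[i][0], cases[i][1], cases[i][2], &sz);
    printf("w=%u h=%u align=%u unchecked=%u checked=%s\n", (unsigned)cases[i][0],
           (unsigned)cases[i][1], (unsigned)cases[i][2],
           (unsigned)plane_size_unchecked(cases[i][0], cases[i][1], cases[i][2]),
           ok ? "accepted" : "rejected");
  }
  return 0;
}
```

In the two wrapping cases the unchecked size comes out as 0, so an allocation sized from it would be far smaller than the image the dimensions describe.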

Related Identifiers

JLSEC-2026-122

Affected Products

Libaom Jll