EUVD-2026-12051
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Description
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE_MAX. Afterwards, memcpy is called with a negative length, leading to an out‑of‑bounds read from the stack and an out‑of‑bounds write to the heap. The source data is partially controllable via the contents of the DOM tree. This vulnerability is fixed in 2.7.0.
Analysis
The ISO-2022-JP encoder in Lexbor before version 2.7.0 contains an integer underflow vulnerability that allows unauthenticated remote attackers to read from stack memory and write to heap memory by crafting malicious DOM tree content. The flaw stems from a failure to reset a size variable between iterations, causing an out-of-bounds memcpy operation with a wrapped SIZE_MAX value. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems and applications using Lexbor library and assess their exposure to untrusted web content. Within 7 days: Implement input validation and content filtering to prevent malicious DOM tree construction; isolate affected systems from critical production workflows if possible. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today