Skip to main content

Lexbor EUVDEUVD-2026-12051

| CVE-2026-29078 HIGH
Integer Underflow (CWE-191)
2026-03-13 GitHub_M
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:22 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
2.7.0
EUVD ID Assigned
Mar 13, 2026 - 18:00 euvd
EUVD-2026-12051
Analysis Generated
Mar 13, 2026 - 18:00 vuln.today
CVE Published
Mar 13, 2026 - 17:18 nvd
HIGH 7.5

DescriptionGitHub Advisory

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE_MAX. Afterwards, memcpy is called with a negative length, leading to an out‑of‑bounds read from the stack and an out‑of‑bounds write to the heap. The source data is partially controllable via the contents of the DOM tree. This vulnerability is fixed in 2.7.0.

AnalysisAI

The ISO-2022-JP encoder in Lexbor before version 2.7.0 contains an integer underflow vulnerability that allows unauthenticated remote attackers to read from stack memory and write to heap memory by crafting malicious DOM tree content. The flaw stems from a failure to reset a size variable between iterations, causing an out-of-bounds memcpy operation with a wrapped SIZE_MAX value. No patch is currently available for affected systems.

Technical ContextAI

Lexbor is a web browser engine library used for HTML/CSS parsing and rendering. The vulnerability stems from an integer underflow (CWE-191) in the ISO-2022-JP character encoding handler where a stale size variable (size=3) is not properly reset between encoding iterations. When ctx->buffer_used -= size is executed with this stale value, it causes an integer underflow that wraps to SIZE_MAX, subsequently triggering memcpy operations with invalid negative lengths that result in stack-based out-of-bounds reads and heap-based out-of-bounds writes.

RemediationAI

Upgrade Lexbor library to version 2.7.0 or later which contains the fix for this vulnerability. Applications using Lexbor should rebuild with the patched version. As a temporary mitigation, consider disabling or restricting processing of ISO-2022-JP encoded content if feasible in your environment, or implement input validation to sanitize DOM tree content before processing. Monitor for any vendor-specific security advisories if using products that embed Lexbor.

Share

EUVD-2026-12051 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy