CVE-2026-29078
Integer Underflow and Out-of-Bounds Write in Lexbor ISO-2022-JP Encoder
Publication date: 2026-03-13
Last updated on: 2026-03-18
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lexbor | lexbor | to 2.7.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-29078 is an integer underflow vulnerability in the ISO-2022-JP encoder component of the Lexbor web browser engine library, affecting versions prior to 2.7.0.
The vulnerability occurs because the encoder fails to reset a temporary size variable between iterations. This causes the statement ctx->buffer_used -= size to execute with a stale size value of 3, resulting in an integer underflow that wraps around to SIZE_MAX.
As a result, a subsequent memcpy call uses a negative length parameter, leading to an out-of-bounds read from the stack and an out-of-bounds write to the heap.
The source data influencing this vulnerability is partially controllable via the contents of the DOM tree.
How can this vulnerability impact me? :
This vulnerability can lead to memory corruption due to out-of-bounds read and write operations.
An attacker can exploit this flaw remotely without requiring any privileges or user interaction.
The primary impact is a high severity risk of denial of service, causing the affected application or system to crash or behave unpredictably.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade the Lexbor library to version 2.7.0 or later, where the issue has been fixed.
This update addresses the integer underflow and out-of-bounds memory access caused by the ISO-2022-JP encoder failing to reset a temporary size variable.