{"id":"JLSEC-2026-122","details":"Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers:\n\n  - Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n  - Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.\n  - Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.","modified":"2026-04-16T23:45:06.000711Z","published":"2026-04-16T23:30:44.982Z","upstream":["CVE-2024-5171"],"database_specific":{"license":"CC-BY-4.0","sources":[{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-5171","imported":"2026-04-16T21:59:42.822Z","database_specific":{"status":"Modified"},"html_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5171","modified":"2024-11-21T09:47:07.493Z","published":"2024-06-05T20:15:13.800Z","id":"CVE-2024-5171"}]},"references":[{"type":"WEB","url":"https://issues.chromium.org/issues/332382766"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5NRNCEYS246CYGOR32MF7OGKWOWER22/"},{"type":"WEB","url":"https://issues.chromium.org/issues/332382766"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00024.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5NRNCEYS246CYGOR32MF7OGKWOWER22/"}],"affected":[{"package":{"name":"libaom_jll","ecosystem":"Julia","purl":"pkg:julia/libaom_jll?uuid=a4ae2306-e953-59d6-aa16-d00cac43593b"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.11.0+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-122.json"}}],"schema_version":"1.7.5"}