Lucene search
+L

34 matches found

OSV
OSV
added 2026/03/13 5:19 p.m.6 views

CVE-2026-29079 Type Confusion in Lexbor Fragment Parser

Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting th...

8.2CVSS5.8AI score0.00263EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/03/13 5:19 p.m.4 views

CVE-2026-29079

Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting th...

8.2CVSS5.8AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 5:18 p.m.2 views

CVE-2026-29078 Integer Underflow in Lexbor ISO‑2022‑JP Encoder

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

8.2CVSS5.8AI score0.00269EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/13 5:18 p.m.7 views

EUVD-2026-12051

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

8.2CVSS5.8AI score0.00269EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/13 5:18 p.m.7 views

CVE-2026-29078

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

8.2CVSS5.3AI score0.00269EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/13 5:18 p.m.39 views

CVE-2026-29078 Integer Underflow in Lexbor ISO‑2022‑JP Encoder

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

8.2CVSS0.00269EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 5:18 p.m.19 views

CVE-2026-29078

Lexbor CVE-2026-29078 affects the ISO-2022-JP encoder prior to version 2.7.0. The bug is caused by not resetting the temporary size variable between iterations, so ctx->buffer_used -= size with a stale size (3) underflows to SIZE_MAX. This underflow leads to memcpy called with a negative lengt...

8.2CVSS5.8AI score0.00269EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/13 5:18 p.m.6 views

CVE-2026-29078

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

8.2CVSS5.8AI score0.00269EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/13 5:18 p.m.6 views

CVE-2026-29078 Integer Underflow in Lexbor ISO‑2022‑JP Encoder

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

8.2CVSS5.8AI score0.00269EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/03/13 5:18 p.m.6 views

CVE-2026-29078

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

8.2CVSS5.8AI score0.00269EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.9 views

Lexbor 安全漏洞

Lexbor is an open-source C language library developed by Lexbor for processing HTML and CSS. Versions of Lexbor prior to 2.7.0 contained security vulnerabilities. These vulnerabilities stemmed from type confusion in the HTML fragment parser, which could lead to pointer dereferencing...

8.2CVSS5.8AI score0.00263EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.5 views

PT-2026-25330

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-buffer used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE MAX. Afterwards, memcpy is called wit...

8.2CVSS5.8AI score0.00269EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.8 views

Lexbor 缓冲区错误漏洞

Lexbor is an open-source C language library for processing HTML and CSS. Versions of Lexbor prior to 2.7.0 contained a buffer error vulnerability. This vulnerability stemmed from an integer underflow in the ISO-2022-JP encoder, which could lead to out-of-bounds reading and writing...

8.2CVSS6AI score0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.8 views

PT-2026-25331

Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting th...

8.2CVSS5.8AI score0.00263EPSS
Exploits0References2
Rows per page
Query Builder