34 matches found
CVE-2026-29079 Type Confusion in Lexbor Fragment Parser
Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting th...
CVE-2026-29079
Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting th...
CVE-2026-29078 Integer Underflow in Lexbor ISO‑2022‑JP Encoder
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...
EUVD-2026-12051
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...
CVE-2026-29078
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...
CVE-2026-29078 Integer Underflow in Lexbor ISO‑2022‑JP Encoder
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...
CVE-2026-29078
Lexbor CVE-2026-29078 affects the ISO-2022-JP encoder prior to version 2.7.0. The bug is caused by not resetting the temporary size variable between iterations, so ctx->buffer_used -= size with a stale size (3) underflows to SIZE_MAX. This underflow leads to memcpy called with a negative lengt...
CVE-2026-29078
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...
CVE-2026-29078 Integer Underflow in Lexbor ISO‑2022‑JP Encoder
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...
CVE-2026-29078
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...
Lexbor 安全漏洞
Lexbor is an open-source C language library developed by Lexbor for processing HTML and CSS. Versions of Lexbor prior to 2.7.0 contained security vulnerabilities. These vulnerabilities stemmed from type confusion in the HTML fragment parser, which could lead to pointer dereferencing...
PT-2026-25330
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-buffer used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE MAX. Afterwards, memcpy is called wit...
Lexbor 缓冲区错误漏洞
Lexbor is an open-source C language library for processing HTML and CSS. Versions of Lexbor prior to 2.7.0 contained a buffer error vulnerability. This vulnerability stemmed from an integer underflow in the ISO-2022-JP encoder, which could lead to out-of-bounds reading and writing...
PT-2026-25331
Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting th...