Buffer overflow in Lexbor
CVE-2026-29078
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an integer underfl…
EPSS: 0.001 (19.8th percentile)
Affected products
- Lexbor — versions < 2.7.0
Weakness classification (CWE)
References
- https://github.com/lexbor/lexbor/security/advisories/GHSA-mrwr-xh7f-96v3 (x_refsource_CONFIRM)