{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"High"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https:/www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"aom security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for aom is now available for openEuler-20.03-LTS-SP4",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"The Alliance for Open Media’s focus is to deliver a next-generation video format that is:\n\nSecurity Fix(es):\n\nAn arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel values. The encoder then writes approximately 1,200 bytes at the attacker-controlled address. This is fully deterministic and does not require a separate information leak. An attacker who can supply frames to a network-facing libaom encoder with SVC enabled could exploit this for denial of service or potential code execution.(CVE-2026-56209)\n\nA heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows setting a spatial_layer_id exceeding the configured number of layers. This causes an out-of-bounds heap read of approximately 40,728 bytes when computing a layer context array index. An attacker who can influence SVC encoder parameters in a network-facing service could exploit this for information disclosure (heap content leak) or denial of service (segmentation fault from hitting unmapped memory).(CVE-2026-56210)\n\nA remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer context structures. In fork-based video processing services, an attacker can use this to hijack the cyclic refresh map pointer, brute-force the process base address via a crash oracle, and redirect control flow to achieve arbitrary command execution. Exploitation requires the target service to use libaom with SVC encoding enabled and accept attacker-supplied video frames.(CVE-2026-56211)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for aom is now available for openEuler-20.03-LTS-SP4/openEuler-24.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"High",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"aom",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2026-2864",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2864"
			},
			{
				"summary":"CVE-2026-56209",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-56209&packageName=aom"
			},
			{
				"summary":"CVE-2026-56210",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-56210&packageName=aom"
			},
			{
				"summary":"CVE-2026-56211",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-56211&packageName=aom"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-56209"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-56210"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-56211"
			},
			{
				"summary":"openEuler-SA-2026-2864 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-2864.json"
			}
		],
		"title":"An update for aom is now available for openEuler-20.03-LTS-SP4",
		"tracking":{
			"initial_release_date":"2026-07-06T16:52:46+08:00",
			"revision_history":[
				{
					"date":"2026-07-06T16:52:46+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2026-07-06T16:52:46+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2026-07-06T16:52:46+08:00",
			"id":"openEuler-SA-2026-2864",
			"version":"1.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"openEuler-20.03-LTS-SP4",
									"name":"openEuler-20.03-LTS-SP4"
								},
								"name":"openEuler-20.03-LTS-SP4",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"aarch64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"aom-1.0.0-3.oe2003sp4.aarch64.rpm",
									"name":"aom-1.0.0-3.oe2003sp4.aarch64.rpm"
								},
								"name":"aom-1.0.0-3.oe2003sp4.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"aom-debuginfo-1.0.0-3.oe2003sp4.aarch64.rpm",
									"name":"aom-debuginfo-1.0.0-3.oe2003sp4.aarch64.rpm"
								},
								"name":"aom-debuginfo-1.0.0-3.oe2003sp4.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"aom-debugsource-1.0.0-3.oe2003sp4.aarch64.rpm",
									"name":"aom-debugsource-1.0.0-3.oe2003sp4.aarch64.rpm"
								},
								"name":"aom-debugsource-1.0.0-3.oe2003sp4.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"libaom-1.0.0-3.oe2003sp4.aarch64.rpm",
									"name":"libaom-1.0.0-3.oe2003sp4.aarch64.rpm"
								},
								"name":"libaom-1.0.0-3.oe2003sp4.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"libaom-devel-1.0.0-3.oe2003sp4.aarch64.rpm",
									"name":"libaom-devel-1.0.0-3.oe2003sp4.aarch64.rpm"
								},
								"name":"libaom-devel-1.0.0-3.oe2003sp4.aarch64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"aom-1.0.0-3.oe2003sp4.src.rpm",
									"name":"aom-1.0.0-3.oe2003sp4.src.rpm"
								},
								"name":"aom-1.0.0-3.oe2003sp4.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"x86_64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"aom-1.0.0-3.oe2003sp4.x86_64.rpm",
									"name":"aom-1.0.0-3.oe2003sp4.x86_64.rpm"
								},
								"name":"aom-1.0.0-3.oe2003sp4.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"aom-debuginfo-1.0.0-3.oe2003sp4.x86_64.rpm",
									"name":"aom-debuginfo-1.0.0-3.oe2003sp4.x86_64.rpm"
								},
								"name":"aom-debuginfo-1.0.0-3.oe2003sp4.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"aom-debugsource-1.0.0-3.oe2003sp4.x86_64.rpm",
									"name":"aom-debugsource-1.0.0-3.oe2003sp4.x86_64.rpm"
								},
								"name":"aom-debugsource-1.0.0-3.oe2003sp4.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"libaom-1.0.0-3.oe2003sp4.x86_64.rpm",
									"name":"libaom-1.0.0-3.oe2003sp4.x86_64.rpm"
								},
								"name":"libaom-1.0.0-3.oe2003sp4.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"libaom-devel-1.0.0-3.oe2003sp4.x86_64.rpm",
									"name":"libaom-devel-1.0.0-3.oe2003sp4.x86_64.rpm"
								},
								"name":"libaom-devel-1.0.0-3.oe2003sp4.x86_64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"aom-1.0.0-3.oe2003sp4.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.aarch64",
					"name":"aom-1.0.0-3.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"aom-debuginfo-1.0.0-3.oe2003sp4.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.aarch64",
					"name":"aom-debuginfo-1.0.0-3.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"aom-debugsource-1.0.0-3.oe2003sp4.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.aarch64",
					"name":"aom-debugsource-1.0.0-3.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"libaom-1.0.0-3.oe2003sp4.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.aarch64",
					"name":"libaom-1.0.0-3.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"libaom-devel-1.0.0-3.oe2003sp4.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.aarch64",
					"name":"libaom-devel-1.0.0-3.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"aom-1.0.0-3.oe2003sp4.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.src",
					"name":"aom-1.0.0-3.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"aom-1.0.0-3.oe2003sp4.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.x86_64",
					"name":"aom-1.0.0-3.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"aom-debuginfo-1.0.0-3.oe2003sp4.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.x86_64",
					"name":"aom-debuginfo-1.0.0-3.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"aom-debugsource-1.0.0-3.oe2003sp4.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.x86_64",
					"name":"aom-debugsource-1.0.0-3.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"libaom-1.0.0-3.oe2003sp4.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.x86_64",
					"name":"libaom-1.0.0-3.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"libaom-devel-1.0.0-3.oe2003sp4.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.x86_64",
					"name":"libaom-devel-1.0.0-3.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2026-56209",
			"notes":[
				{
					"text":"An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel values. The encoder then writes approximately 1,200 bytes at the attacker-controlled address. This is fully deterministic and does not require a separate information leak. An attacker who can supply frames to a network-facing libaom encoder with SVC enabled could exploit this for denial of service or potential code execution.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.src",
					"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.x86_64",
					"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.x86_64",
					"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.x86_64",
					"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.x86_64",
					"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.x86_64"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.src",
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.x86_64"
					],
					"details":"aom security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2864"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"HIGH",
						"baseScore":7.1,
						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
						"version":"3.1"
					},
					"products":[
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.src",
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.x86_64"
					]
				}
			],
			"threats":[
				{
					"details":"High",
					"category":"impact"
				}
			],
			"title":"CVE-2026-56209"
		},
		{
			"cve":"CVE-2026-56210",
			"notes":[
				{
					"text":"A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows setting a spatial_layer_id exceeding the configured number of layers. This causes an out-of-bounds heap read of approximately 40,728 bytes when computing a layer context array index. An attacker who can influence SVC encoder parameters in a network-facing service could exploit this for information disclosure (heap content leak) or denial of service (segmentation fault from hitting unmapped memory).",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.src",
					"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.x86_64",
					"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.x86_64",
					"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.x86_64",
					"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.x86_64",
					"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.x86_64"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.src",
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.x86_64"
					],
					"details":"aom security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2864"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"HIGH",
						"baseScore":7.1,
						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
						"version":"3.1"
					},
					"products":[
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.src",
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.x86_64"
					]
				}
			],
			"threats":[
				{
					"details":"High",
					"category":"impact"
				}
			],
			"title":"CVE-2026-56210"
		},
		{
			"cve":"CVE-2026-56211",
			"notes":[
				{
					"text":"A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer context structures. In fork-based video processing services, an attacker can use this to hijack the cyclic refresh map pointer, brute-force the process base address via a crash oracle, and redirect control flow to achieve arbitrary command execution. Exploitation requires the target service to use libaom with SVC encoding enabled and accept attacker-supplied video frames.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.aarch64",
					"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.src",
					"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.x86_64",
					"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.x86_64",
					"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.x86_64",
					"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.x86_64",
					"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.x86_64"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.src",
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.x86_64"
					],
					"details":"aom security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2864"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"HIGH",
						"baseScore":7.1,
						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
						"version":"3.1"
					},
					"products":[
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.aarch64",
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.src",
						"openEuler-20.03-LTS-SP4:aom-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:aom-debuginfo-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:aom-debugsource-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:libaom-1.0.0-3.oe2003sp4.x86_64",
						"openEuler-20.03-LTS-SP4:libaom-devel-1.0.0-3.oe2003sp4.x86_64"
					]
				}
			],
			"threats":[
				{
					"details":"High",
					"category":"impact"
				}
			],
			"title":"CVE-2026-56211"
		}
	]
}