This vulnerability arises from a missing bounds check in the Scalable Video Coding (SVC) layer ID control function of libaom, allowing an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel values. The encoder then deterministically writes about 1,200 bytes to the attacker-controlled address. Exploitation requires the ability to supply frames to a network-facing libaom encoder with SVC enabled. The flaw can result in denial of service or potentially remote code execution. The CVSS v3.1 base score is 9.1, indicating a critical severity with network attack vector, low attack complexity, no privileges or user interaction required, and high impact on integrity and availability. No explicit patch or remediation level is stated in the vendor advisory, and no known exploits are reported in the wild as of the publication date.

Successful exploitation allows an attacker to perform an arbitrary write of approximately 1,200 bytes to a memory address controlled by the attacker. This can cause denial of service or potentially enable remote code execution on affected systems running a vulnerable libaom encoder with SVC enabled. The vulnerability does not require prior information disclosure and can be triggered remotely over the network without authentication or user interaction.

Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-56209 for current remediation guidance. Until an official fix is available, consider disabling or restricting access to network-facing libaom encoders with SVC enabled to mitigate exposure. Monitor Red Hat resources for updates on patches or workarounds.