CVE-2026-29078
Integer Underflow in Lexbor ISO‑2022‑JP Encoder
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE_MAX. Afterwards, memcpy is called with a negative length, leading to an out‑of‑bounds read from the stack and an out‑of‑bounds write to the heap. The source data is partially controllable via the contents of the DOM tree. This vulnerability is fixed in 2.7.0.
| CWE | CWE-191 CWE-787 |
| Vendor | lexbor |
| Product | lexbor |
| Published | Mar 13, 2026 |
| Last Updated | Mar 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for lexbor lexbor
Be the first to know when new unknown vulnerabilities affecting lexbor lexbor are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
lexbor / lexbor
< 2.7.0