A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation by the Alliance for Open Media. A heap buffer overflow exists in the AV1 encoder SVC layer context handling. The encoder control path for setting the active SVC layer ID lacks sufficient bounds validation, allowing an out-of-range spatial/temporal layer selection to make ctrl_set_layer_id() operate on a non-existent LAYER_CONTEXT entry.

In a 320x240 encoder configuration using 2 spatial layers, 3 temporal layers, and cyclic refresh (aq_mode=3), the out-of-bounds "ghost" layer_context[9] overlaps attacker-controlled image Y-plane data. This lets an attacker supply video frame pixels that become security-sensitive layer-context fields, including the cr->map pointer used by cyclic refresh. The demonstrated exploit chain uses the attacker-controlled cr->map pointer as a crash oracle to recover the PIE base in fork-based services, then redirects cyclic-refresh writes into writable GOT.PLT entries and pivots control flow toward command execution. The PoC demonstrated successful code execution in a remote setting with partial local assistance.

Components: av1/av1_cx_iface.c (ctrl_set_layer_id()), av1/encoder/svc_layercontext.c (av1_restore_layer_context()), av1/encoder/aq_cyclicrefresh.c (av1_cyclic_refresh_update_segment())

Impact: Remote code execution in fork-based video processing services that expose libaom AV1 encoder configuration and accept attacker-supplied frames. Full CIA compromise demonstrated.

Affected: libaom since 2018-01-24, commit f85898632d (pre-v1.0.0); tested on v3.13.3-389-gdc2644ef7e

Fixed in: 2026-04-19, commit a93ba0ffaa ("Add bounds check for SVC layer context array", BUG=aomedia:503993985), released in v3.14.0

Upstream report: https://issues.chromium.org/issues/503993985 (restricted)

Reporter: The FuzzAnything Team

PSIRT Ticket: PSIRTSUPT-17179
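The following is an added, self-contained model of the bug class described above, written for this page; it is not libaom's code, and every type, field and function name in it (layer_ctx_t, svc_t, set_layer_id_unchecked, set_layer_id_checked, restore_layer_context) is an illustrative assumption. The only property it borrows from the advisory is the shape of the problem: a heap array holding exactly number_spatial_layers * number_temporal_layers layer contexts, indexed as spatial_id * number_temporal_layers + temporal_id, with a control handler that stores caller-supplied layer ids without checking them. With the advisory's 2x3 configuration the array has 6 entries, and an unchecked spatial id of 3 selects index 9, the "ghost" entry the text refers to. The model refuses instead of dereferencing so it can be run safely.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model for this example; NOT libaom's definitions. */
typedef struct {
    int spatial_id;
    int temporal_id;
    uint8_t *cr_map;   /* stand-in for the cyclic-refresh map pointer */
} layer_ctx_t;

typedef struct {
    int number_spatial_layers;
    int number_temporal_layers;
    int spatial_layer_id;
    int temporal_layer_id;
    layer_ctx_t *layer_context;  /* heap array of exactly ns * nt entries */
} svc_t;

/* Allocate the context array sized to the configured layer grid. */
int svc_init(svc_t *svc, int ns, int nt) {
    if (ns <= 0 || nt <= 0) return -1;
    memset(svc, 0, sizeof(*svc));
    svc->number_spatial_layers = ns;
    svc->number_temporal_layers = nt;
    svc->layer_context = calloc((size_t)ns * (size_t)nt, sizeof(layer_ctx_t));
    return svc->layer_context ? 0 : -1;
}

void svc_free(svc_t *svc) {
    free(svc->layer_context);
    svc->layer_context = NULL;
}

/* Flat index the restore path would use for the selected layer. */
int svc_layer_index(const svc_t *svc) {
    return svc->spatial_layer_id * svc->number_temporal_layers +
           svc->temporal_layer_id;
}

/* Vulnerable pattern: the control handler stores whatever ids the caller
 * passes and trusts a later path to use them. */
int set_layer_id_unchecked(svc_t *svc, int sl, int tl) {
    svc->spatial_layer_id = sl;
    svc->temporal_layer_id = tl;
    return 0;
}

/* Hardened pattern: reject ids outside the configured grid before they are
 * stored, so no later path can compute an out-of-range index. */
int set_layer_id_checked(svc_t *svc, int sl, int tl) {
    if (sl < 0 || sl >= svc->number_spatial_layers) return -1;
    if (tl < 0 || tl >= svc->number_temporal_layers) return -1;
    svc->spatial_layer_id = sl;
    svc->temporal_layer_id = tl;
    return 0;
}

/* Check at the point of use as well. Returns the index on success, -1 if
 * the selected layer has no backing entry. In the real bug this is where
 * the array access reads and writes past the heap allocation; the model
 * returns an error instead of dereferencing. Both ids are checked, not
 * just the flat index: (spatial 0, temporal 5) in a 2x3 grid gives index
 * 5, which is inside the array but aliases entry (1, 2). */
int restore_layer_context(const svc_t *svc, layer_ctx_t **out) {
    int idx = svc_layer_index(svc);
    int total = svc->number_spatial_layers * svc->number_temporal_layers;
    if (svc->spatial_layer_id < 0 || svc->temporal_layer_id < 0 ||
        svc->spatial_layer_id >= svc->number_spatial_layers ||
        svc->temporal_layer_id >= svc->number_temporal_layers ||
        idx < 0 || idx >= total) {
        if (out) *out = NULL;
        return -1;
    }
    if (out) *out = &svc->layer_context[idx];
    return idx;
}

int main(void) {
    svc_t svc;
    if (svc_init(&svc, 2, 3) != 0) return 1;  /* 2 spatial x 3 temporal = 6 */
    set_layer_id_unchecked(&svc, 3, 0);
    printf("unchecked: (3,0) -> index %d of 6 entries, restore returns %d\n",
           svc_layer_index(&svc), restore_layer_context(&svc, NULL));
    printf("checked:   (3,0) -> %d, (0,5) -> %d, (1,2) -> %d\n",
           set_layer_id_checked(&svc, 3, 0), set_layer_id_checked(&svc, 0, 5),
           set_layer_id_checked(&svc, 1, 2));
    svc_free(&svc);
    return 0;
}
```

The check in the setter is the one that matters for a fix of this shape: once a bad id is stored, every consumer of the layer context has to defend itself. The point-of-use check is cheap insurance for the case where another path assigns the ids directly.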