55 matches found
OESA-2025-1369 libtheora security update
Theora is a free and open video compression format from the Xiph.org Foundation. Like all our multimedia technology it can be used to distribute film and video online and on disc without the licensing and royalty fees or vendor lock-in associated with other formats. Security Fixes: ochufftreeunpa...
OPENSUSE-SU-2025:14957-1 libtheora-devel-1.2.0-1.1 on GA media
These are all security issues fixed in the libtheora-devel-1.2.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-56431
A flaw was found in Theora libtheora. An incorrect bitwise shift may be triggered via specially-crafted input, potentially resulting in an application crash...
CVE-2024-56431
CVE-2024-56431 affects libtheora (Theora) via oc_huff_tree_unpack in huffdec.c, up to Theora 1.0 7180717, with an invalid negative left shift. This is noted as disputed by third parties regarding real security impact (e.g., an app may not crash). Several Nessus/OpenSUSE/SUSE advisories reference ...
PT-2024-36815 · Theora +3 · Theora +3
Name of the Vulnerable Software and Affected Versions: Theora versions up to 1.0 7180717 Description: The issue is related to an invalid negative left shift in the oc huff tree unpack function in huffdec.c within libtheora, as used in Theora. This function contains a problem that can be exploited...
CVE-2024-56431
ochufftreeunpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash...
CVE-2024-56431
ochufftreeunpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash...
CVE-2024-56431
ochufftreeunpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash...
CVE-2024-56431
ochufftreeunpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash...
new packages: libtheora
An update is available for libtheora. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterpri...
libtheora:fuzzer-decoder: Use-of-uninitialized-value in fuzzing::memory::memory_test_msan
Detailed Report: https://oss-fuzz.com/testcase?key=5761911192027136 Project: libtheora Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-decoder Job Type: libfuzzermsanlibtheora Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: fuzzing::memory::memorytestmsan...
libtheora:fuzzer-decoder: Use-of-uninitialized-value in TheoraDecoder::writeImage
Detailed Report: https://oss-fuzz.com/testcase?key=5706045170647040 Project: libtheora Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-decoder Job Type: libfuzzermsanlibtheora Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: TheoraDecoder::writeImage...
Gentoo Security Advisory GLSA 201312-04
Gentoo Linux Local Security Checks GLSA 201312-04 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
libtheora: Arbitrary code execution
Background libtheora is the reference implementation of Theora, a free and open video compression format from the Xiph.org Foundation. Description An integer overflow flaw has been discovered in libtheora. Impact A remote attacker could execute arbitrary code or cause a Denial of Service conditio...
GLSA-201312-04 : libtheora: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201312-04 libtheora: Arbitrary code execution An integer overflow flaw has been discovered in libtheora. Impact : A remote attacker could execute arbitrary code or cause a Denial of Service condition. Workaround : There is no know...
SuSE 11 Security Update : libtheora (SAT Patch Number 2067)
An integer overflow was fixed in libtheora. It could be exploited remotely to execute arbitrary code. CVE-2009-3389: CVSS v2 Base Score: 9.3 HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C: Numeric Errors. CWE-189 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...
Mandriva Linux Security Advisory : firefox (MDVSA-2009:338)
Security issues were identified and fixed in firefox 3.5.x : liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service application crash or execute arbitrary code via unspecified vectors, related to memory safe...
Debian Security Advisory DSA 2045-1 (libtheora)
The remote host is missing an update to libtheora announced via advisory DSA 2045-1. OpenVAS Vulnerability Test $Id: deb20451.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2045-1 libtheora Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...
Debian: Security Advisory (DSA-2045-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2045-1 : libtheora - integer overflow
Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, a video library part of the Ogg project, several flaws allow context-dependent attackers via a large and specially crafted media file, to cause a denial of service crash of the player using this library, and possibly arbitrary...