Lucene search
K

55 matches found

OSV
OSV
added 2025/04/03 12:54 p.m.3 views

OESA-2025-1369 libtheora security update

Theora is a free and open video compression format from the Xiph.org Foundation. Like all our multimedia technology it can be used to distribute film and video online and on disc without the licensing and royalty fees or vendor lock-in associated with other formats. Security Fixes: ochufftreeunpa...

9.8CVSS6.9AI score0.01817EPSS
Exploits1References2
OSV
OSV
added 2025/04/02 12:0 a.m.6 views

OPENSUSE-SU-2025:14957-1 libtheora-devel-1.2.0-1.1 on GA media

These are all security issues fixed in the libtheora-devel-1.2.0-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS9.7AI score0.01921EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2024/12/25 6:53 p.m.12 views

CVE-2024-56431

A flaw was found in Theora libtheora. An incorrect bitwise shift may be triggered via specially-crafted input, potentially resulting in an application crash...

3.3CVSS9.5AI score0.01817EPSS
Exploits1References6
CVE
CVE
added 2024/12/25 12:0 a.m.820 views

CVE-2024-56431

CVE-2024-56431 affects libtheora (Theora) via oc_huff_tree_unpack in huffdec.c, up to Theora 1.0 7180717, with an invalid negative left shift. This is noted as disputed by third parties regarding real security impact (e.g., an app may not crash). Several Nessus/OpenSUSE/SUSE advisories reference ...

9.8CVSS6.4AI score0.01817EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/25 12:0 a.m.6 views

PT-2024-36815 · Theora +3 · Theora +3

Name of the Vulnerable Software and Affected Versions: Theora versions up to 1.0 7180717 Description: The issue is related to an invalid negative left shift in the oc huff tree unpack function in huffdec.c within libtheora, as used in Theora. This function contains a problem that can be exploited...

10CVSS6AI score0.01921EPSS
Exploits1References53
Cvelist
Cvelist
added 2024/12/25 12:0 a.m.14 views

CVE-2024-56431

ochufftreeunpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash...

0.01817EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/12/25 12:0 a.m.12 views

CVE-2024-56431

ochufftreeunpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash...

6.4AI score0.01817EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2024/12/25 12:0 a.m.9 views

CVE-2024-56431

ochufftreeunpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash...

9.8CVSS6.5AI score0.01817EPSS
Exploits1
OSV
OSV
added 2024/12/25 12:0 a.m.8 views

CVE-2024-56431

ochufftreeunpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash...

9.8CVSS6.3AI score0.01817EPSS
Exploits1References8
Rockylinux
Rockylinux
added 2022/05/17 7:1 a.m.11 views

new packages: libtheora

An update is available for libtheora. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterpri...

2.2AI score
Exploits0
ossfuzz
ossfuzz
added 2020/05/14 4:48 p.m.16 views

libtheora:fuzzer-decoder: Use-of-uninitialized-value in fuzzing::memory::memory_test_msan

Detailed Report: https://oss-fuzz.com/testcase?key=5761911192027136 Project: libtheora Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-decoder Job Type: libfuzzermsanlibtheora Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: fuzzing::memory::memorytestmsan...

6.8AI score
Exploits0Affected Software1
ossfuzz
ossfuzz
added 2019/09/20 9:8 a.m.15 views

libtheora:fuzzer-decoder: Use-of-uninitialized-value in TheoraDecoder::writeImage

Detailed Report: https://oss-fuzz.com/testcase?key=5706045170647040 Project: libtheora Fuzzing Engine: libFuzzer Fuzz Target: fuzzer-decoder Job Type: libfuzzermsanlibtheora Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: TheoraDecoder::writeImage...

6.8AI score
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2015/09/29 12:0 a.m.32 views

Gentoo Security Advisory GLSA 201312-04

Gentoo Linux Local Security Checks GLSA 201312-04 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

9.3CVSS8.3AI score0.04785EPSS
Exploits0References1
Gentoo Linux
Gentoo Linux
added 2013/12/03 12:0 a.m.33 views

libtheora: Arbitrary code execution

Background libtheora is the reference implementation of Theora, a free and open video compression format from the Xiph.org Foundation. Description An integer overflow flaw has been discovered in libtheora. Impact A remote attacker could execute arbitrary code or cause a Denial of Service conditio...

9.3CVSS9.9AI score0.04785EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/12/03 12:0 a.m.38 views

GLSA-201312-04 : libtheora: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201312-04 libtheora: Arbitrary code execution An integer overflow flaw has been discovered in libtheora. Impact : A remote attacker could execute arbitrary code or cause a Denial of Service condition. Workaround : There is no know...

9.3CVSS8.8AI score0.04785EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2010/12/02 12:0 a.m.35 views

SuSE 11 Security Update : libtheora (SAT Patch Number 2067)

An integer overflow was fixed in libtheora. It could be exploited remotely to execute arbitrary code. CVE-2009-3389: CVSS v2 Base Score: 9.3 HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C: Numeric Errors. CWE-189 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...

9.3CVSS8.8AI score0.04785EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2010/07/30 12:0 a.m.35 views

Mandriva Linux Security Advisory : firefox (MDVSA-2009:338)

Security issues were identified and fixed in firefox 3.5.x : liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service application crash or execute arbitrary code via unspecified vectors, related to memory safe...

9.3CVSS9AI score0.04785EPSS
Exploits9References11
OpenVAS
OpenVAS
added 2010/06/03 12:0 a.m.26 views

Debian Security Advisory DSA 2045-1 (libtheora)

The remote host is missing an update to libtheora announced via advisory DSA 2045-1. OpenVAS Vulnerability Test $Id: deb20451.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2045-1 libtheora Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

9.3CVSS0.4AI score0.04785EPSS
Exploits0
OpenVAS
OpenVAS
added 2010/06/03 12:0 a.m.20 views

Debian: Security Advisory (DSA-2045-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS9.7AI score0.04785EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2010/05/12 12:0 a.m.30 views

Debian DSA-2045-1 : libtheora - integer overflow

Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, a video library part of the Ogg project, several flaws allow context-dependent attackers via a large and specially crafted media file, to cause a denial of service crash of the player using this library, and possibly arbitrary...

9.3CVSS8.8AI score0.04785EPSS
Exploits0References3
Rows per page
Query Builder