2 matches found
CVE-2024-56431
CVE-2024-56431 affects libtheora (Theora) via oc_huff_tree_unpack in huffdec.c, up to Theora 1.0 7180717, with an invalid negative left shift. This is noted as disputed by third parties regarding real security impact (e.g., an app may not crash). Several Nessus/OpenSUSE/SUSE advisories reference ...
CVE-2026-5673
CVE-2026-5673 affects libtheora’s AVI parser. The flaw is a heap-based out-of-bounds read in the avi_parse_input_file() function triggered by a crafted AVI file with a truncated header sub-chunk. Local attackers can exploit this by tricking a user into opening such a file, leading to a potential ...