rpm package
opensuse/libtheora&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libtheora&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-56431 | — | < 1.2.0-1.1 | 1.2.0-1.1 | Dec 25, 2024 | oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash. | ||
| CVE-2017-14633 | Med | 6.5 | < 1.2.0-1.1 | 1.2.0-1.1 | Sep 21, 2017 | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). |
- CVE-2024-56431Dec 25, 2024affected < 1.2.0-1.1fixed 1.2.0-1.1
oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.
- affected < 1.2.0-1.1fixed 1.2.0-1.1
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().