VYPR

libtheora

by Xiph.Org

Source repositories

CVEs (3)

  • CVE-2024-56431CriDec 25, 2024
    risk 0.57cvss 9.8epss 0.02

    oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.

  • CVE-2026-5673MedApr 6, 2026
    risk 0.29cvss 5.6epss 0.00

    A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI…

  • CVE-2009-3389Dec 17, 2009
    risk 0.00cvss epss 0.05

    Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.