CVE-2024-56431

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-56431
oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/UnionTech-Software/libtheora-CVE-2024-56431-PoC Exploit
https://github.com/xiph/theora/blob/7180717276af1ebc7da15c83162d6c5d6203aabf/lib/huffdec.c#L193 Product
https://github.com/xiph/theora/issues/17#issuecomment-2480630603 Issue Tracking
https://www.openwall.com/lists/oss-security/2025/04/25/6
http://www.openwall.com/lists/oss-security/2025/04/25/4
http://www.openwall.com/lists/oss-security/2025/04/25/6
Configurations

Configuration 1 (hide)

cpe:2.3:a:xiph:theora:*:*:*:*:*:*:*:*
History

25 Apr 2025, 20:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2025/04/25/6 -

25 Apr 2025, 19:15

Type Values Removed Values Added
Summary (en) oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. (en) oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.
References
  • () https://www.openwall.com/lists/oss-security/2025/04/25/6 -

25 Apr 2025, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2025/04/25/4 -

21 Apr 2025, 16:53

Type Values Removed Values Added
First Time Xiph theora
CPE cpe:2.3:a:xiph:libtheora:*:*:*:*:*:*:*:* cpe:2.3:a:xiph:theora:*:*:*:*:*:*:*:*

09 Apr 2025, 13:11

Type Values Removed Values Added
First Time Xiph
Xiph libtheora
CPE cpe:2.3:a:xiph:libtheora:*:*:*:*:*:*:*:*
References () https://github.com/UnionTech-Software/libtheora-CVE-2024-56431-PoC - () https://github.com/UnionTech-Software/libtheora-CVE-2024-56431-PoC - Exploit
References () https://github.com/xiph/theora/blob/7180717276af1ebc7da15c83162d6c5d6203aabf/lib/huffdec.c#L193 - () https://github.com/xiph/theora/blob/7180717276af1ebc7da15c83162d6c5d6203aabf/lib/huffdec.c#L193 - Product
References () https://github.com/xiph/theora/issues/17#issuecomment-2480630603 - () https://github.com/xiph/theora/issues/17#issuecomment-2480630603 - Issue Tracking

24 Mar 2025, 16:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-863

18 Feb 2025, 22:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : unknown

31 Dec 2024, 19:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
Summary
  • (es) oc_huff_tree_unpack en huffdec.c en libtheora en Theora hasta 1.0 7180717 tiene un desplazamiento negativo a la izquierda no válido.

25 Dec 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-25 17:15

Updated : 2025-04-25 20:15

NVD link : CVE-2024-56431

Mitre link : CVE-2024-56431

CVE.ORG link : CVE-2024-56431

JSON object : View

Products Affected

xiph

  • theora
CWE
CWE-863

Incorrect Authorization