Description

oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.

INFO

Published Date :

2024-12-25T00:00:00.000Z

Last Modified :

2025-05-07T19:45:58.528Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-56431 vulnerability.

Vendors Products
Xiph
  • Theora
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-56431.

URL Resource
http://www.openwall.com/lists/oss-security/2025/04/25/4 cve-icon
http://www.openwall.com/lists/oss-security/2025/04/25/6 cve-icon
https://github.com/UnionTech-Software/libtheora-CVE-2024-56431-PoC cve-icon cve-icon cve-icon
https://github.com/xiph/theora/blob/7180717276af1ebc7da15c83162d6c5d6203aabf/lib/huffdec.c#L193 cve-icon cve-icon cve-icon
https://github.com/xiph/theora/issues/17#issuecomment-2480630603 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-56431 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-56431 cve-icon
https://www.openwall.com/lists/oss-security/2025/04/25/6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact