CVE-2026-5673 PUBLISHED

Libtheora: libtheora: denial of service or information disclosure via malformed avi file processing

Assigner: redhat
Reserved: 06.04.2026 Published: 06.04.2026 Updated: 06.04.2026

A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a truncated header sub-chunk. This could lead to a denial-of-service (application crash) or potentially leak sensitive information from the heap.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
CVSS Score: 5.6

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	Required	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Red Hat
Product	Red Hat Enterprise Linux 10
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 6
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 7
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 8
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 9
Versions	Default: affected

Workarounds

To mitigate this issue, users should avoid opening untrusted AVI files. Exercise caution when handling AVI files from unknown or suspicious sources.

Credits

Red Hat would like to thank ChenZhengzhe (HangZhouDianZi University) for reporting this issue.

References

Problem Types

Out-of-bounds Read CWE