CVE-2026-5673

NameCVE-2026-5673
DescriptionA flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a truncated header sub-chunk. This could lead to a denial-of-service (application crash) or potentially leak sensitive information from the heap.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libtheora (PTS)bullseye1.1.1+dfsg.1-15vulnerable
bookworm1.1.1+dfsg.1-16.1+deb12u1vulnerable
trixie1.2.0~alpha1+dfsg-6vulnerable
forky, sid1.2.0+dfsg-6vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libtheorasource(unstable)(unfixed)

Notes

https://github.com/xiph/theora/issues/24
Search for package or bug name: Reporting problems