CVE-2024-56431

Exploit

EPSS 12.2%
Published 25.12.2024 17:15:05
Last modified 25.04.2025 20:15:38
Source cve@mitre.org
Teams watchlist Login
Open Login

oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Xiph ≫ Theora Version < 1.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	12.2%	0.936

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/UnionTech-Software/libtheora-CVE-2024-56431-PoC

Exploit

https://github.com/xiph/theora/blob/7180717276af1ebc7da15c83162d6c5d6203aabf/lib/huffdec.c#L193

Product

https://github.com/xiph/theora/issues/17#issuecomment-2480630603

Issue Tracking

http://www.openwall.com/lists/oss-security/2025/04/25/4

https://www.openwall.com/lists/oss-security/2025/04/25/6

http://www.openwall.com/lists/oss-security/2025/04/25/6

https://nvd.nist.gov/vuln/detail/CVE-2024-56431

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-56431

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-56431

EUVD