CVE-2024-56431

CRITICAL EPSS 76.0%
Published Dec 25, 20241y ago · Modified Jun 17, 20261w ago
9.8 CVSS 3.1
Critical
Find Similar
Published Dec 25, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
76.0% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-863 Incorrect Authorization Authorization

Affected Products 1

VendorProductVersionRange
xiphtheora* <1.2.0

References 6

  • openwall.com http://www.openwall.com/lists/oss-security/2025/04/25/4
  • openwall.com http://www.openwall.com/lists/oss-security/2025/04/25/6
  • github.com https://github.com/UnionTech-Software/libtheora-CVE-2024-56431-PoC
    Exploit
  • github.com https://github.com/xiph/theora/blob/7180717276af1ebc7da15c83162d6c5d6203aabf/lib/huffdec.c#L193
    Product
  • github.com https://github.com/xiph/theora/issues/17#issuecomment-2480630603
    Issue Tracking
  • openwall.com https://www.openwall.com/lists/oss-security/2025/04/25/6

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.