Description
A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a truncated header sub-chunk. This could lead to a denial-of-service (application crash) or potentially leak sensitive information from the heap.
Published: 2026-04-06
Score: 5.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service or Information Disclosure
Action: Apply Update
AI Analysis

Impact

A heap‑based out‑of‑bounds read vulnerability exists in libtheora’s AVI parser. An attacker can craft a malformed AVI file that causes the parser to read beyond allocated memory. This can lead to an application crash, creating a denial‑of‑service condition, or leak sensitive data read from the process heap, exposing confidential information.

Affected Systems

Red Hat Enterprise Linux 6, 7, 8, 9 and 10 contain the vulnerable libtheora package. Any system running these RHEL releases may be impacted if the library is in use by media applications that accept AVI files.

Risk and Exploitability

The CVSS score of 5.6 indicates moderate severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation. Exploitation requires that a local user opens a specially crafted AVI file, so the attack vector is local through user interaction. If a malicious AVI file is delivered via phishing or distributed on shared media, the risk to end users is significant. The vulnerability does not provide remote code execution but can still cause service disruption or data leakage.

Generated by OpenCVE AI on April 6, 2026 at 12:21 UTC.

Remediation

Vendor Workaround

To mitigate this issue, users should avoid opening untrusted AVI files. Exercise caution when handling AVI files from unknown or suspicious sources.

OpenCVE Recommended Actions

  • Update the libtheora package to the latest version available in RHEL repositories to eliminate the faulty AVI parser code.
  • If a patch is not immediately available, install any available security updates that incorporate the fix for libtheora in the affected RHEL release.
  • Until a patch is applied, follow the vendor’s workaround by avoiding the opening or execution of any untrusted AVI files from unknown or suspicious sources.

Generated by OpenCVE AI on April 6, 2026 at 12:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Xiph
Xiph libtheora
Vendors & Products Xiph
Xiph libtheora

Mon, 06 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 06 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Mon, 06 Apr 2026 10:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a truncated header sub-chunk. This could lead to a denial-of-service (application crash) or potentially leak sensitive information from the heap.
Title Libtheora: libtheora: denial of service or information disclosure via malformed avi file processing
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-125
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 5.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H'}

Subscriptions

Redhat Enterprise Linux
Xiph Libtheora
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-06T18:02:52.708Z

Reserved: 2026-04-06T09:07:22.895Z

Link: CVE-2026-5673

cve-icon Vulnrichment

Updated: 2026-04-06T17:58:32.077Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-06T10:16:03.400

Modified: 2026-04-07T13:20:35.010

Link: CVE-2026-5673

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-06T09:16:15Z

Links: CVE-2026-5673 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:33:00Z

Weaknesses