CVE-2024-56431

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-56431

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56431.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-56431

Related

Withdrawn

2025-04-25T18:56:36Z

Published

2024-12-25T17:15:05Z

Modified

2025-04-27T20:50:49.267855Z

Downstream

SUSE-SU-2025:1287-1

SUSE-SU-2025:1288-1

Summary

[none]

Details

ochufftree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.

References

Affected packages

Debian:11 / libtheora

Package

Name: libtheora
Purl: pkg:deb/debian/libtheora?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.1+dfsg.1-15

1.1.1+dfsg.1-16

1.1.1+dfsg.1-16+hurd.1

1.1.1+dfsg.1-16.1

1.1.1+dfsg.1-17

1.2.0~alpha1+dfsg-1

1.2.0~alpha1+dfsg-2

1.2.0~alpha1+dfsg-3

1.2.0~alpha1+dfsg-4

1.2.0~alpha1+dfsg-5

1.2.0~alpha1+dfsg-6

1.2.0+dfsg-1

1.2.0+dfsg-2

1.2.0+dfsg-3

1.2.0+dfsg-4

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / libtheora

Package

Name: libtheora
Purl: pkg:deb/debian/libtheora?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.1+dfsg.1-16.1

1.1.1+dfsg.1-17

1.2.0~alpha1+dfsg-1

1.2.0~alpha1+dfsg-2

1.2.0~alpha1+dfsg-3

1.2.0~alpha1+dfsg-4

1.2.0~alpha1+dfsg-5

1.2.0~alpha1+dfsg-6

1.2.0+dfsg-1

1.2.0+dfsg-2

1.2.0+dfsg-3

1.2.0+dfsg-4

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / libtheora

Package

Name: libtheora
Purl: pkg:deb/debian/libtheora?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.0~alpha1+dfsg-6

Affected versions

1.*

1.1.1+dfsg.1-16.1

1.1.1+dfsg.1-17

1.2.0~alpha1+dfsg-1

1.2.0~alpha1+dfsg-2

1.2.0~alpha1+dfsg-3

1.2.0~alpha1+dfsg-4

1.2.0~alpha1+dfsg-5

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/xiph/theora

Affected ranges

Type: GIT
Repo: https://github.com/xiph/theora
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8e4808736e9c181b971306cc3f05df9e61354004

Affected versions

v1.*

v1.2.0alpha1

v1.2.0beta1