Description
A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a truncated header sub-chunk. This could lead to a denial-of-service (application crash) or potentially leak sensitive information from the heap.
Report
Moderate: A heap-based out-of-bounds read flaw in libtheora's AVI parser can lead to a denial-of-service or information leak. Exploitation requires a local attacker to trick a user into opening a specially crafted AVI file.
Mitigation
To mitigate this issue, users should avoid opening untrusted AVI files. Exercise caution when handling AVI files from unknown or suspicious sources.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libtheora | Fix deferred | | |
| Red Hat Enterprise Linux 6 | libtheora | Fix deferred | | |
| Red Hat Enterprise Linux 7 | libtheora | Fix deferred | | |
| Red Hat Enterprise Linux 8 | libtheora | Fix deferred | | |
| Red Hat Enterprise Linux 9 | libtheora | Fix deferred | | |
Additional information
Status:
EPSS
5.6 Medium
CVSS3