Heap-Based Out-of-Bounds Read in libtheora Affects Red Hat Products
CVE-2026-5673

5.6 MEDIUM

What is CVE-2026-5673?

A flaw exists in libtheora's AVI parser, specifically within the avi_parse_input_file() function. A local attacker can create a specially crafted AVI file and, by deceiving a user into opening it, trigger a heap-based out-of-bounds read, potentially crashing the application or exposing sensitive information stored in the heap. This vulnerability underscores the importance of rigorous file handling and user awareness in mitigating security risks.
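The page does not describe the defect's mechanics. As an added defensive example (not libtheora's code, and not the actual fix), the following C routine walks the top-level chunks of a RIFF/AVI file and validates every file-supplied length against the bytes actually held in the buffer, which is the class of check that prevents a heap out-of-bounds read when a crafted file lies about chunk sizes. The function name and the two sample byte arrays are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Little-endian 32-bit read; caller guarantees 4 bytes are available. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk the top-level chunks of a RIFF/AVI file held in buf[0..len).
 * Every length taken from the file is checked against the bytes that
 * actually remain, so no read can run past the end of the heap buffer.
 * Returns the number of chunks validated, or -1 on a malformed file. */
int walk_avi_chunks(const uint8_t *buf, size_t len)
{
    if (len < 12 || memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "AVI ", 4) != 0)
        return -1;
    uint32_t riff_size = rd_le32(buf + 4);      /* bytes after the 8-byte RIFF header */
    if (riff_size < 4 || (size_t)riff_size > len - 8)
        return -1;                              /* header claims more data than we hold */
    size_t end = 8 + (size_t)riff_size;
    size_t off = 12;                            /* first chunk after "RIFF" size "AVI " */
    int count = 0;
    while (off < end) {
        if (end - off < 8)
            return -1;                          /* no room for fourcc + size */
        uint32_t csize = rd_le32(buf + off + 4);
        size_t payload = off + 8;
        if ((size_t)csize > end - payload)
            return -1;                          /* payload would escape the buffer */
        /* buf[payload .. payload + csize) is now provably in bounds. */
        count++;
        off = payload + csize + (csize & 1);    /* chunks are padded to even length */
        if (off > end)
            return -1;                          /* pad byte lies outside the file */
    }
    return count;
}

/* Constructed samples (not real files): a well-formed AVI with one JUNK chunk,
 * and the same bytes with the chunk length forged to 0xFFFFFFF0. */
static const uint8_t good_avi[] = {
    'R','I','F','F', 14,0,0,0, 'A','V','I',' ',
    'J','U','N','K', 2,0,0,0, 'a','b' };
static const uint8_t forged_avi[] = {
    'R','I','F','F', 14,0,0,0, 'A','V','I',' ',
    'J','U','N','K', 0xF0,0xFF,0xFF,0xFF, 'a','b' };
```

Passing `good_avi` with a shortened `len` (a truncated file) is rejected at the RIFF-size check before any chunk is touched.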

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank ChenZhengzhe (HangZhouDianZi University) for reporting this issue.