Nixpkgs security tracker

Untriaged

Permalink CVE-2026-5673

5.6 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 1 month, 2 weeks ago Activity log

Created suggestion 1 month, 2 weeks ago

Libtheora: libtheora: denial of service or information disclosure via malformed avi file processing

A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a truncated header sub-chunk. This could lead to a denial-of-service (application crash) or potentially leak sensitive information from the heap.

References

https://access.redhat.com/security/cve/CVE-2026-5673 vdb-entryx_refsource_REDHAT
RHBZ#2455340 issue-trackingx_refsource_REDHAT
https://github.com/xiph/theora/issues/24

Affected products

libtheora

Matching in nixpkgs

pkgs.libtheora

Library for Theora, a free and open video compression format

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0
nixos-25.11 1.2.0
- nixos-25.11-small 1.2.0
- nixpkgs-25.11-darwin 1.2.0

Package maintainers

@getchoo Seth Flynn <getchoo@tuta.io>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.libtheora

Package maintainers