CVE-2026-5673

Name of the Vulnerable Software and Affected Versions libtheora (affected versions not specified)

Description A heap-based out-of-bounds read flaw exists in libtheora's AVI (Audio Video Interleave) parser, specifically within the avi parse input file() function. A local attacker could exploit this by crafting a malicious AVI file with a truncated header sub-chunk. This could result in a denial-of-service (application crash) or potential information leakage from the heap.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.