{"schema_version":"1.7.2","id":"OESA-2026-2210","modified":"2026-05-09T12:30:45Z","published":"2026-05-09T12:30:45Z","upstream":["CVE-2026-5673"],"summary":"libtheora security update","details":"Theora is a free and open video compression format from the Xiph.org Foundation. Like all our multimedia technology it can be used to distribute film and video online and on disc without the licensing and royalty fees or vendor lock-in associated with other formats.\r\n\r\nSecurity Fix(es):\n\nA flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a truncated header sub-chunk. This could lead to a denial-of-service (application crash) or potentially leak sensitive information from the heap.(CVE-2026-5673)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"libtheora","purl":"pkg:rpm/openEuler/libtheora&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1-26.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["libtheora-1.1.1-26.oe2003sp4.aarch64.rpm","libtheora-debuginfo-1.1.1-26.oe2003sp4.aarch64.rpm","libtheora-debugsource-1.1.1-26.oe2003sp4.aarch64.rpm","libtheora-devel-1.1.1-26.oe2003sp4.aarch64.rpm","theora-tools-1.1.1-26.oe2003sp4.aarch64.rpm"],"noarch":["libtheora-help-1.1.1-26.oe2003sp4.noarch.rpm"],"src":["libtheora-1.1.1-26.oe2003sp4.src.rpm"],"x86_64":["libtheora-1.1.1-26.oe2003sp4.x86_64.rpm","libtheora-debuginfo-1.1.1-26.oe2003sp4.x86_64.rpm","libtheora-debugsource-1.1.1-26.oe2003sp4.x86_64.rpm","libtheora-devel-1.1.1-26.oe2003sp4.x86_64.rpm","theora-tools-1.1.1-26.oe2003sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"libtheora","purl":"pkg:rpm/openEuler/libtheora&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1-27.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["libtheora-1.1.1-27.oe2203sp4.aarch64.rpm","libtheora-debuginfo-1.1.1-27.oe2203sp4.aarch64.rpm","libtheora-debugsource-1.1.1-27.oe2203sp4.aarch64.rpm","libtheora-devel-1.1.1-27.oe2203sp4.aarch64.rpm","theora-tools-1.1.1-27.oe2203sp4.aarch64.rpm"],"noarch":["libtheora-help-1.1.1-27.oe2203sp4.noarch.rpm"],"src":["libtheora-1.1.1-27.oe2203sp4.src.rpm"],"x86_64":["libtheora-1.1.1-27.oe2203sp4.x86_64.rpm","libtheora-debuginfo-1.1.1-27.oe2203sp4.x86_64.rpm","libtheora-debugsource-1.1.1-27.oe2203sp4.x86_64.rpm","libtheora-devel-1.1.1-27.oe2203sp4.x86_64.rpm","theora-tools-1.1.1-27.oe2203sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS","name":"libtheora","purl":"pkg:rpm/openEuler/libtheora&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1-29.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["libtheora-1.1.1-29.oe2403.aarch64.rpm","libtheora-debuginfo-1.1.1-29.oe2403.aarch64.rpm","libtheora-debugsource-1.1.1-29.oe2403.aarch64.rpm","libtheora-devel-1.1.1-29.oe2403.aarch64.rpm","theora-tools-1.1.1-29.oe2403.aarch64.rpm","libtheora-1.1.1-29.oe2403sp1.aarch64.rpm","libtheora-debuginfo-1.1.1-29.oe2403sp1.aarch64.rpm","libtheora-debugsource-1.1.1-29.oe2403sp1.aarch64.rpm","libtheora-devel-1.1.1-29.oe2403sp1.aarch64.rpm","theora-tools-1.1.1-29.oe2403sp1.aarch64.rpm","libtheora-1.1.1-29.oe2403sp3.aarch64.rpm","libtheora-debuginfo-1.1.1-29.oe2403sp3.aarch64.rpm","libtheora-debugsource-1.1.1-29.oe2403sp3.aarch64.rpm","libtheora-devel-1.1.1-29.oe2403sp3.aarch64.rpm","theora-tools-1.1.1-29.oe2403sp3.aarch64.rpm"],"noarch":["libtheora-help-1.1.1-29.oe2403.noarch.rpm","libtheora-help-1.1.1-29.oe2403sp1.noarch.rpm","libtheora-help-1.1.1-29.oe2403sp3.noarch.rpm"],"src":["libtheora-1.1.1-29.oe2403.src.rpm","libtheora-1.1.1-29.oe2403sp1.src.rpm","libtheora-1.1.1-29.oe2403sp3.src.rpm"],"x86_64":["libtheora-1.1.1-29.oe2403.x86_64.rpm","libtheora-debuginfo-1.1.1-29.oe2403.x86_64.rpm","libtheora-debugsource-1.1.1-29.oe2403.x86_64.rpm","libtheora-devel-1.1.1-29.oe2403.x86_64.rpm","theora-tools-1.1.1-29.oe2403.x86_64.rpm","libtheora-1.1.1-29.oe2403sp1.x86_64.rpm","libtheora-debuginfo-1.1.1-29.oe2403sp1.x86_64.rpm","libtheora-debugsource-1.1.1-29.oe2403sp1.x86_64.rpm","libtheora-devel-1.1.1-29.oe2403sp1.x86_64.rpm","theora-tools-1.1.1-29.oe2403sp1.x86_64.rpm","libtheora-1.1.1-29.oe2403sp3.x86_64.rpm","libtheora-debuginfo-1.1.1-29.oe2403sp3.x86_64.rpm","libtheora-debugsource-1.1.1-29.oe2403sp3.x86_64.rpm","libtheora-devel-1.1.1-29.oe2403sp3.x86_64.rpm","theora-tools-1.1.1-29.oe2403sp3.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"libtheora","purl":"pkg:rpm/openEuler/libtheora&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1-29.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["libtheora-1.1.1-29.oe2403sp1.aarch64.rpm","libtheora-debuginfo-1.1.1-29.oe2403sp1.aarch64.rpm","libtheora-debugsource-1.1.1-29.oe2403sp1.aarch64.rpm","libtheora-devel-1.1.1-29.oe2403sp1.aarch64.rpm","theora-tools-1.1.1-29.oe2403sp1.aarch64.rpm"],"noarch":["libtheora-help-1.1.1-29.oe2403sp1.noarch.rpm"],"src":["libtheora-1.1.1-29.oe2403sp1.src.rpm"],"x86_64":["libtheora-1.1.1-29.oe2403sp1.x86_64.rpm","libtheora-debuginfo-1.1.1-29.oe2403sp1.x86_64.rpm","libtheora-debugsource-1.1.1-29.oe2403sp1.x86_64.rpm","libtheora-devel-1.1.1-29.oe2403sp1.x86_64.rpm","theora-tools-1.1.1-29.oe2403sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP3","name":"libtheora","purl":"pkg:rpm/openEuler/libtheora&distro=openEuler-24.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1-29.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["libtheora-1.1.1-29.oe2403sp3.aarch64.rpm","libtheora-debuginfo-1.1.1-29.oe2403sp3.aarch64.rpm","libtheora-debugsource-1.1.1-29.oe2403sp3.aarch64.rpm","libtheora-devel-1.1.1-29.oe2403sp3.aarch64.rpm","theora-tools-1.1.1-29.oe2403sp3.aarch64.rpm"],"noarch":["libtheora-help-1.1.1-29.oe2403sp3.noarch.rpm"],"src":["libtheora-1.1.1-29.oe2403sp3.src.rpm"],"x86_64":["libtheora-1.1.1-29.oe2403sp3.x86_64.rpm","libtheora-debuginfo-1.1.1-29.oe2403sp3.x86_64.rpm","libtheora-debugsource-1.1.1-29.oe2403sp3.x86_64.rpm","libtheora-devel-1.1.1-29.oe2403sp3.x86_64.rpm","theora-tools-1.1.1-29.oe2403sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2210"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5673"}],"database_specific":{"severity":"Medium"}}