CVE-2024-56431

CRITICAL

Theora < 1.2.0 - Invalid Negative Left Shift in oc_huff_tree_unpack

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-56431. PoCs published by UnionTech-Software.

AI-analyzed exploit summary This is a fuzzer-based PoC for CVE-2024-56431 targeting a memory corruption vulnerability in libtheora. The code uses AddressSanitizer and UndefinedBehaviorSanitizer to detect issues during Theora video decoding.

Description

oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.

Exploits (1)

nomisec WORKING POC 1 stars
by UnionTech-Software · poc
https://github.com/UnionTech-Software/libtheora-CVE-2024-56431-PoC

This is a fuzzer-based PoC for CVE-2024-56431 targeting a memory corruption vulnerability in libtheora. The code uses AddressSanitizer and UndefinedBehaviorSanitizer to detect issues during Theora video decoding.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: libtheora (version not specified)
No auth needed
Prerequisites: libtheora source code for compilation · g++ with sanitizer support
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v3 9.8
EPSS 0.0179
EPSS Percentile 75.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-863
Status published
Products (1)
xiph/theora < 1.2.0
Published Dec 25, 2024
Tracked Since Feb 18, 2026