CVE-2026-5673: Out-of-bounds Read in Red Hat Red Hat Enterprise Linux 10
A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a truncated header sub-chunk. This could lead to a denial-of-service (application crash) or potentially leak sensitive information from the heap.
AI Analysis
Technical Summary
This vulnerability in libtheora's AVI parser allows a local attacker to cause a heap-based out-of-bounds read by providing a malformed AVI file containing a truncated header sub-chunk. The issue resides in the avi_parse_input_file() function. Successful exploitation requires tricking a user into opening the crafted file, leading to denial-of-service or potential information disclosure from heap memory. The CVSS 3.1 vector indicates local attack vector, low complexity, low privileges required, user interaction needed, unchanged scope, low confidentiality impact, no integrity impact, and high availability impact. Red Hat Enterprise Linux 10 is affected. No patch or official remediation guidance is currently provided in the vendor advisory.
Potential Impact
The vulnerability can cause application crashes (denial-of-service) or potentially leak sensitive information from heap memory when a specially crafted AVI file is opened. The impact is limited to local users who can trick others into opening malicious files. There is no indication of remote exploitation or integrity compromise. The CVSS score of 5.6 reflects medium severity with significant availability impact but limited confidentiality impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-5673 for current remediation guidance. Until a patch is available, users should avoid opening untrusted or suspicious AVI files. No official fix or temporary workaround is currently documented by Red Hat.
CVE-2026-5673: Out-of-bounds Read in Red Hat Red Hat Enterprise Linux 10
Description
A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a truncated header sub-chunk. This could lead to a denial-of-service (application crash) or potentially leak sensitive information from the heap.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in libtheora's AVI parser allows a local attacker to cause a heap-based out-of-bounds read by providing a malformed AVI file containing a truncated header sub-chunk. The issue resides in the avi_parse_input_file() function. Successful exploitation requires tricking a user into opening the crafted file, leading to denial-of-service or potential information disclosure from heap memory. The CVSS 3.1 vector indicates local attack vector, low complexity, low privileges required, user interaction needed, unchanged scope, low confidentiality impact, no integrity impact, and high availability impact. Red Hat Enterprise Linux 10 is affected. No patch or official remediation guidance is currently provided in the vendor advisory.
Potential Impact
The vulnerability can cause application crashes (denial-of-service) or potentially leak sensitive information from heap memory when a specially crafted AVI file is opened. The impact is limited to local users who can trick others into opening malicious files. There is no indication of remote exploitation or integrity compromise. The CVSS score of 5.6 reflects medium severity with significant availability impact but limited confidentiality impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-5673 for current remediation guidance. Until a patch is available, users should avoid opening untrusted or suspicious AVI files. No official fix or temporary workaround is currently documented by Red Hat.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-04-06T09:07:22.895Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-5673","vendor":"Red Hat"}]
Threat ID: 69d380c00a160ebd929cdd67
Added to database: 4/6/2026, 9:45:36 AM
Last enriched: 5/2/2026, 1:54:17 AM
Last updated: 5/21/2026, 6:34:56 PM
Views: 120
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.