Analysis of the incorrect bit-shift vulnerability in libtheora
Solar Designer questions the security relevance of libtheora CVE-2024-56431, arguing that the flaw only triggers under specific conditions, has limited impact in production builds, and that its CVSS score is too high. 2025-4-25 17:28:0 Author: seclists.org


oss-sec mailing list archives


From: Solar Designer <solar () openwall com>
Date: Fri, 25 Apr 2025 19:24:47 +0200

On Fri, Apr 25, 2025 at 03:17:52PM +0800, xiaolin wrote:
> Severity:
> - moderate
> 
> Affected versions:
> - libtheora through 1.2.0
> 
> Fixed software:
> - v1.2.0
> 
> Description:
> A flaw was found in Theora (libtheora). An incorrect bitwise shift may be triggered via specially-crafted input,
> potentially resulting in an application crash.
> 
> -------------------------------------------------------------
> References:
> https://github.com/advisories/GHSA-8xp8-gmmj-xc8w
> https://github.com/UnionTech-Software/openfhe-PoC

The above link is to a wrong PoC, I think you meant this one:

https://github.com/UnionTech-Software/libtheora-CVE-2024-56431-PoC

> https://gitlab.xiph.org/xiph/theora/-/merge_requests/28
> https://gitlab.xiph.org/xiph/theora/-/commit/5665f86b8fd8345bb09469990e79221562ac204b

This doesn't look like a security issue, so the CVE should be rejected
unless there's justification.

Just how would "an incorrect bitwise shift" result in "an application
crash"?  In a build with UBSan, sure.  In a production build, it would
not, unless the resulting incorrect computation result causes that, or
the compiler can infer it at compile time (in which case it could
correctly assume it's undefined behavior and optimize it out).  Neither
appears to be the case here.

Also, the linked GitHub advisory currently shows a ridiculous CVSS score
of 9.8 resulting from the CVSS vector specifying High impact for all of
Confidentiality, Integrity, and Availability.  But you only claim
"application crash" impact, which (if it were for real) would mean no
impact on Confidentiality and Integrity, but only on Availability.

That said, thank you for your fuzzing efforts, for reporting and getting
the bug fixed (even if non-security, it was still a bug), and for
reporting this issue to oss-security anyway, which gives us a chance to
dispute its security relevance.

Alexander
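The distinction drawn above (an out-of-range shift count aborts under UBSan but merely yields an unspecified value in a production build) is easiest to see with a checked shift helper. The code below is an added example, not code from libtheora, from the merge request, or from either poster; the function names are hypothetical and the sample counts are constructed.

```c
#include <stdint.h>
#include <limits.h>
#include <stdio.h>

/* Returned when the shift count would make the expression undefined in C. */
#define SHL32_INVALID ((int64_t)-1)

/* Hypothetical helper: shift a 32-bit value left by a count that came from
 * untrusted input.  A count that is negative or >= 32 is undefined behaviour;
 * a build with -fsanitize=shift (part of -fsanitize=undefined) aborts on it,
 * while an ordinary build silently produces some value (on x86 the hardware
 * masks the count, so 1u << 32 typically evaluates to 1, not 0).  Rejecting
 * the count up front keeps both builds on the same, defined path. */
int64_t checked_shl32(uint32_t value, int count)
{
    if (count < 0 || count >= 32)
        return SHL32_INVALID;          /* caller treats this as corrupt input */
    return (int64_t)(value << count);  /* fits in int64_t, so no sign issue */
}

/* For a signed left operand two more cases are undefined: shifting a negative
 * value, and shifting a set bit into or past the sign bit.  Returns 1 when
 * value << count is well defined, 0 otherwise. */
int shl_int_defined(int value, int count)
{
    if (count < 0 || count >= (int)(sizeof(int) * CHAR_BIT))
        return 0;
    if (value < 0)
        return 0;
    return value <= (INT_MAX >> count);   /* result must fit without overflow */
}

int main(void)
{
    /* Constructed sample counts, the kind a fuzzer would hand to a decoder. */
    int counts[] = {0, 7, 31, 32, -1, 64};
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        int64_t r = checked_shl32(1u, counts[i]);
        if (r == SHL32_INVALID)
            printf("count %3d -> rejected (shift would be undefined)\n", counts[i]);
        else
            printf("count %3d -> 0x%08llx\n", counts[i], (unsigned long long)r);
    }
    return 0;
}
```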


Source: https://seclists.org/oss-sec/2025/q2/97