VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-n9vh-b53a-qfbt

Essentials
Severities (78)
References (15)
Severity details (10)
Exploits (0)
EPSS
History (2)

Vulnerability ID	VCID-n9vh-b53a-qfbt
Aliases	CVE-2024-56431
Summary	libtheora: incorrect bitwise shift in huffdec.c
Status	Disputed
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-1335

Incorrect Bitwise Shift of Integer

System	Score	Found at
cvssv3	3.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56431.json
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.01861	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02307	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02307	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02307	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02337	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02337	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02337	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02337	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02337	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02507	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02507	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02507	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02507	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02507	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02507	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02507	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02507	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02507	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.02507	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.03095	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.03095	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.03095	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.03095	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.03095	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.03095	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05111	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05648	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05648	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05648	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05648	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05648	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05648	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05648	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05648	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05648	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.05989	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.07751	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.07751	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.07751	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.07751	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.07751	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.07751	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.07751	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.07751	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
epss	0.07751	https://api.first.org/data/v1/epss?cve=CVE-2024-56431
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	9.8	https://github.com/UnionTech-Software/libtheora-CVE-2024-56431-PoC
ssvc	Track	https://github.com/UnionTech-Software/libtheora-CVE-2024-56431-PoC
cvssv3.1	9.8	https://github.com/xiph/theora/blob/7180717276af1ebc7da15c83162d6c5d6203aabf/lib/huffdec.c#L193
ssvc	Track	https://github.com/xiph/theora/blob/7180717276af1ebc7da15c83162d6c5d6203aabf/lib/huffdec.c#L193
cvssv3.1	9.8	https://github.com/xiph/theora/issues/17#issuecomment-2480630603
ssvc	Track	https://github.com/xiph/theora/issues/17#issuecomment-2480630603
cvssv3.1	9.8	https://www.openwall.com/lists/oss-security/2025/04/25/6
ssvc	Track	https://www.openwall.com/lists/oss-security/2025/04/25/6

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56431.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-56431
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56431
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		http://www.openwall.com/lists/oss-security/2025/04/25/4
		http://www.openwall.com/lists/oss-security/2025/04/25/6
1091633		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091633
17#issuecomment-2480630603		https://github.com/xiph/theora/issues/17#issuecomment-2480630603
2334093		https://bugzilla.redhat.com/show_bug.cgi?id=2334093
6		https://www.openwall.com/lists/oss-security/2025/04/25/6
cpe:2.3:a:xiph:libtheora::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph:libtheora::::::::
cpe:2.3:a:xiph:theora::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xiph:theora::::::::
CVE-2024-56431		https://nvd.nist.gov/vuln/detail/CVE-2024-56431
huffdec.c#L193		https://github.com/xiph/theora/blob/7180717276af1ebc7da15c83162d6c5d6203aabf/lib/huffdec.c#L193
libtheora-CVE-2024-56431-PoC		https://github.com/UnionTech-Software/libtheora-CVE-2024-56431-PoC

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56431.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/UnionTech-Software/libtheora-CVE-2024-56431-PoC

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-31T18:42:33Z/ Found at https://github.com/UnionTech-Software/libtheora-CVE-2024-56431-PoC

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/xiph/theora/blob/7180717276af1ebc7da15c83162d6c5d6203aabf/lib/huffdec.c#L193

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-31T18:42:33Z/ Found at https://github.com/xiph/theora/blob/7180717276af1ebc7da15c83162d6c5d6203aabf/lib/huffdec.c#L193

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/xiph/theora/issues/17#issuecomment-2480630603

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-31T18:42:33Z/ Found at https://github.com/xiph/theora/issues/17#issuecomment-2480630603

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.openwall.com/lists/oss-security/2025/04/25/6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-31T18:42:33Z/ Found at https://www.openwall.com/lists/oss-security/2025/04/25/6

Exploit Prediction Scoring System (EPSS)

Percentile	0.17386
EPSS Score	0.00045
Published At	Dec. 27, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2025-05-13T09:33:33.169241+00:00	NVD CVE Status Improver	Improve	https://cveawg.mitre.org/api/cve/CVE-2024-56431	36.0.0
2024-12-26T18:09:39.678723+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56431.json	35.0.0