CVE-2026-5673
Published: 06 April 2026
Summary
CVE-2026-5673 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Redhat Enterprise Linux. Its CVSS base score is 5.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 0.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-5673 is a heap-based out-of-bounds read vulnerability (CWE-125) in the libtheora library, specifically within the AVI parser's avi_parse_input_file() function. The issue arises when processing a specially crafted AVI file with a truncated header sub-chunk, affecting applications that use libtheora for Theora video decoding.
A local attacker with low privileges can exploit this vulnerability by tricking a user into opening a malicious AVI file. This requires low attack complexity and user interaction but no elevated privileges or scope changes. Exploitation leads to a denial-of-service (application crash, high availability impact) or potential leakage of sensitive heap information (low confidentiality impact), as scored at CVSS 5.6 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H).
Advisories and patches for mitigation are detailed in the Red Hat security bulletin at https://access.redhat.com/security/cve/CVE-2026-5673, the associated Bugzilla entry at https://bugzilla.redhat.com/show_bug.cgi?id=2455340, and the upstream GitHub issue at https://github.com/xiph/theora/issues/24.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-19219
Vulnerability details
A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI…
more
file containing a truncated header sub-chunk. This could lead to a denial-of-service (application crash) or potentially leak sensitive information from the heap.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability triggered by opening crafted AVI file enables user execution of malicious file (T1204.002) and application crash via exploitation (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-2 requires timely remediation of flaws like the heap-based out-of-bounds read in libtheora by applying patches referenced in the advisories.
SI-16 implements memory protections such as ASLR and stack canaries that directly mitigate heap out-of-bounds read exploits leading to crashes or leaks.
SI-10 enforces validation of AVI file inputs to block specially crafted files with truncated headers before they reach the vulnerable parser.