An update for libtheora is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2210 Final 1.0 1.0 2026-05-09 Initial 2026-05-09 2026-05-09 openEuler SA Tool V1.0 2026-05-09 libtheora security update An update for libtheora is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3 Theora is a free and open video compression format from the Xiph.org Foundation. Like all our multimedia technology it can be used to distribute film and video online and on disc without the licensing and royalty fees or vendor lock-in associated with other formats. Security Fix(es): A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a truncated header sub-chunk. This could lead to a denial-of-service (application crash) or potentially leak sensitive information from the heap.(CVE-2026-5673) An update for libtheora is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium libtheora https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2210 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-5673 https://nvd.nist.gov/vuln/detail/CVE-2026-5673 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 libtheora-1.1.1-26.oe2003sp4.aarch64.rpm libtheora-debuginfo-1.1.1-26.oe2003sp4.aarch64.rpm libtheora-debugsource-1.1.1-26.oe2003sp4.aarch64.rpm libtheora-devel-1.1.1-26.oe2003sp4.aarch64.rpm theora-tools-1.1.1-26.oe2003sp4.aarch64.rpm libtheora-1.1.1-27.oe2203sp4.aarch64.rpm libtheora-debuginfo-1.1.1-27.oe2203sp4.aarch64.rpm libtheora-debugsource-1.1.1-27.oe2203sp4.aarch64.rpm libtheora-devel-1.1.1-27.oe2203sp4.aarch64.rpm theora-tools-1.1.1-27.oe2203sp4.aarch64.rpm libtheora-1.1.1-29.oe2403.aarch64.rpm libtheora-debuginfo-1.1.1-29.oe2403.aarch64.rpm libtheora-debugsource-1.1.1-29.oe2403.aarch64.rpm libtheora-devel-1.1.1-29.oe2403.aarch64.rpm theora-tools-1.1.1-29.oe2403.aarch64.rpm libtheora-1.1.1-29.oe2403sp1.aarch64.rpm libtheora-debuginfo-1.1.1-29.oe2403sp1.aarch64.rpm libtheora-debugsource-1.1.1-29.oe2403sp1.aarch64.rpm libtheora-devel-1.1.1-29.oe2403sp1.aarch64.rpm theora-tools-1.1.1-29.oe2403sp1.aarch64.rpm libtheora-1.1.1-29.oe2403sp3.aarch64.rpm libtheora-debuginfo-1.1.1-29.oe2403sp3.aarch64.rpm libtheora-debugsource-1.1.1-29.oe2403sp3.aarch64.rpm libtheora-devel-1.1.1-29.oe2403sp3.aarch64.rpm theora-tools-1.1.1-29.oe2403sp3.aarch64.rpm libtheora-1.1.1-26.oe2003sp4.src.rpm libtheora-1.1.1-27.oe2203sp4.src.rpm libtheora-1.1.1-29.oe2403.src.rpm libtheora-1.1.1-29.oe2403sp1.src.rpm libtheora-1.1.1-29.oe2403sp3.src.rpm libtheora-1.1.1-26.oe2003sp4.x86_64.rpm libtheora-debuginfo-1.1.1-26.oe2003sp4.x86_64.rpm libtheora-debugsource-1.1.1-26.oe2003sp4.x86_64.rpm libtheora-devel-1.1.1-26.oe2003sp4.x86_64.rpm theora-tools-1.1.1-26.oe2003sp4.x86_64.rpm libtheora-1.1.1-27.oe2203sp4.x86_64.rpm libtheora-debuginfo-1.1.1-27.oe2203sp4.x86_64.rpm libtheora-debugsource-1.1.1-27.oe2203sp4.x86_64.rpm libtheora-devel-1.1.1-27.oe2203sp4.x86_64.rpm theora-tools-1.1.1-27.oe2203sp4.x86_64.rpm libtheora-1.1.1-29.oe2403.x86_64.rpm libtheora-debuginfo-1.1.1-29.oe2403.x86_64.rpm libtheora-debugsource-1.1.1-29.oe2403.x86_64.rpm libtheora-devel-1.1.1-29.oe2403.x86_64.rpm theora-tools-1.1.1-29.oe2403.x86_64.rpm libtheora-1.1.1-29.oe2403sp1.x86_64.rpm libtheora-debuginfo-1.1.1-29.oe2403sp1.x86_64.rpm libtheora-debugsource-1.1.1-29.oe2403sp1.x86_64.rpm libtheora-devel-1.1.1-29.oe2403sp1.x86_64.rpm theora-tools-1.1.1-29.oe2403sp1.x86_64.rpm libtheora-1.1.1-29.oe2403sp3.x86_64.rpm libtheora-debuginfo-1.1.1-29.oe2403sp3.x86_64.rpm libtheora-debugsource-1.1.1-29.oe2403sp3.x86_64.rpm libtheora-devel-1.1.1-29.oe2403sp3.x86_64.rpm theora-tools-1.1.1-29.oe2403sp3.x86_64.rpm libtheora-help-1.1.1-26.oe2003sp4.noarch.rpm libtheora-help-1.1.1-27.oe2203sp4.noarch.rpm libtheora-help-1.1.1-29.oe2403.noarch.rpm libtheora-help-1.1.1-29.oe2403sp1.noarch.rpm libtheora-help-1.1.1-29.oe2403sp3.noarch.rpm A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a truncated header sub-chunk. This could lead to a denial-of-service (application crash) or potentially leak sensitive information from the heap. 2026-05-09 CVE-2026-5673 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP3 Medium 5.6 AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H libtheora security update 2026-05-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2210