oss-sec mailing list archives

CVE-2024-56431: libtheora: incorrect bitwise shift in huffdec.c


From: "xiaolin" <dongxiaolin () deepin org>
Date: Fri, 25 Apr 2025 15:17:52 +0800

Severity:
- moderate


Affected versions:
- libtheora through 1.2.0


Fixed software:
- v1.2.0


Description:
A flaw was found in Theora (libtheora). An incorrect bitwise shift may be triggered via specially crafted input,
potentially resulting in an application crash.


-------------------------------------------------------------
References:
https://github.com/advisories/GHSA-8xp8-gmmj-xc8w
https://github.com/UnionTech-Software/openfhe-PoC
https://gitlab.xiph.org/xiph/theora/-/merge_requests/28
https://gitlab.xiph.org/xiph/theora/-/commit/5665f86b8fd8345bb09469990e79221562ac204b
