Search criteria
8 vulnerabilities found for openh264 by cisco
VAR-201411-0252
Vulnerability from variot - Updated: 2025-04-12 23:24Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. The specific flaw exists within the decoder logic. By providing malformed H.264 data to the decoder, an attacker can overwrite a heap buffer. This could result in the execution of arbitrary code in the context of the application. The Cisco OpenH264 is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user supplied input. Cisco OpenH264 1.0.0, 1.1.1, and 1.2.2 are vulnerable. Cisco OpenH264 is an open source H.264 (video codec technology) encoder and decoder from Cisco
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "openh264",
"scope": "lte",
"trust": 1.8,
"vendor": "cisco",
"version": "1.2.0"
},
{
"_id": null,
"model": "openh264",
"scope": null,
"trust": 0.7,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "openh264",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.2.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-391"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-473"
},
{
"db": "NVD",
"id": "CVE-2014-8001"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:openh264",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
}
]
},
"credits": {
"_id": null,
"data": "\u041e\u043a\u0441\u0430\u043d\u0430",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-391"
}
],
"trust": 0.7
},
"cve": "CVE-2014-8001",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8001",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-75946",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8001",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-8001",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-473",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-75946",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-75946"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-473"
},
{
"db": "NVD",
"id": "CVE-2014-8001"
}
]
},
"description": {
"_id": null,
"data": "Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. The specific flaw exists within the decoder logic. By providing malformed H.264 data to the decoder, an attacker can overwrite a heap buffer. This could result in the execution of arbitrary code in the context of the application. The Cisco OpenH264 is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user supplied input. \nCisco OpenH264 1.0.0, 1.1.1, and 1.2.2 are vulnerable. Cisco OpenH264 is an open source H.264 (video codec technology) encoder and decoder from Cisco",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8001"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"db": "ZDI",
"id": "ZDI-14-391"
},
{
"db": "BID",
"id": "71409"
},
{
"db": "VULHUB",
"id": "VHN-75946"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-8001",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2414",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-391",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201411-473",
"trust": 0.7
},
{
"db": "BID",
"id": "71409",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-75946",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-391"
},
{
"db": "VULHUB",
"id": "VHN-75946"
},
{
"db": "BID",
"id": "71409"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-473"
},
{
"db": "NVD",
"id": "CVE-2014-8001"
}
]
},
"id": "VAR-201411-0252",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-75946"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-12T23:24:41.001000Z",
"patch": {
"_id": null,
"data": [
{
"title": "36500",
"trust": 1.5,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36500"
},
{
"title": "dpb uninitial crash for EC",
"trust": 0.8,
"url": "https://github.com/cisco/openh264/pull/1088/files"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-391"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-75946"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"db": "NVD",
"id": "CVE-2014-8001"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36500"
},
{
"trust": 1.7,
"url": "https://github.com/cisco/openh264/pull/1088/files"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8001"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8001"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-391"
},
{
"db": "VULHUB",
"id": "VHN-75946"
},
{
"db": "BID",
"id": "71409"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-473"
},
{
"db": "NVD",
"id": "CVE-2014-8001"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-14-391",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-75946",
"ident": null
},
{
"db": "BID",
"id": "71409",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201411-473",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-8001",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-12-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-391",
"ident": null
},
{
"date": "2014-11-25T00:00:00",
"db": "VULHUB",
"id": "VHN-75946",
"ident": null
},
{
"date": "2014-11-24T00:00:00",
"db": "BID",
"id": "71409",
"ident": null
},
{
"date": "2014-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005647",
"ident": null
},
{
"date": "2014-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-473",
"ident": null
},
{
"date": "2014-11-25T17:59:00.080000",
"db": "NVD",
"id": "CVE-2014-8001",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2014-12-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-391",
"ident": null
},
{
"date": "2014-11-26T00:00:00",
"db": "VULHUB",
"id": "VHN-75946",
"ident": null
},
{
"date": "2014-12-05T01:56:00",
"db": "BID",
"id": "71409",
"ident": null
},
{
"date": "2014-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005647",
"ident": null
},
{
"date": "2014-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-473",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-8001",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-473"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Cisco OpenH264 of decode.cpp Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-473"
}
],
"trust": 0.6
}
}
VAR-201411-0253
Vulnerability from variot - Updated: 2025-04-12 23:15Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. By providing malformed H.264 data to the decoder, an attacker can force a dangling pointer to be referenced after it has been freed. The Cisco OpenH264 is prone to a memory corruption vulnerability. Cisco OpenH264 1.0.0, 1.1.1, and 1.2.2 are vulnerable. Cisco OpenH264 is an open source H.264 (video codec technology) encoder and decoder from Cisco
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0253",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openh264",
"scope": "lte",
"trust": 1.8,
"vendor": "cisco",
"version": "1.2.0"
},
{
"model": "openh264",
"scope": null,
"trust": 0.7,
"vendor": "cisco",
"version": null
},
{
"model": "openh264",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.2.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-474"
},
{
"db": "NVD",
"id": "CVE-2014-8002"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:openh264",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\u041e\u043a\u0441\u0430\u043d\u0430",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-392"
}
],
"trust": 0.7
},
"cve": "CVE-2014-8002",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8002",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-75947",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8002",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-8002",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-474",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-75947",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-75947"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-474"
},
{
"db": "NVD",
"id": "CVE-2014-8002"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. By providing malformed H.264 data to the decoder, an attacker can force a dangling pointer to be referenced after it has been freed. The Cisco OpenH264 is prone to a memory corruption vulnerability. \nCisco OpenH264 1.0.0, 1.1.1, and 1.2.2 are vulnerable. Cisco OpenH264 is an open source H.264 (video codec technology) encoder and decoder from Cisco",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8002"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"db": "BID",
"id": "71467"
},
{
"db": "VULHUB",
"id": "VHN-75947"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8002",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2415",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-392",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201411-474",
"trust": 0.7
},
{
"db": "BID",
"id": "71467",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-75947",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"db": "VULHUB",
"id": "VHN-75947"
},
{
"db": "BID",
"id": "71467"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-474"
},
{
"db": "NVD",
"id": "CVE-2014-8002"
}
]
},
"id": "VAR-201411-0253",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-75947"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-12T23:15:53.472000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "36501",
"trust": 1.5,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36501"
},
{
"title": "stop early error for parse/recon MB",
"trust": 0.8,
"url": "https://github.com/cisco/openh264/pull/1096/files"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-75947"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"db": "NVD",
"id": "CVE-2014-8002"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36501"
},
{
"trust": 1.7,
"url": "https://github.com/cisco/openh264/pull/1096/files"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8002"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8002"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"db": "VULHUB",
"id": "VHN-75947"
},
{
"db": "BID",
"id": "71467"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-474"
},
{
"db": "NVD",
"id": "CVE-2014-8002"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"db": "VULHUB",
"id": "VHN-75947"
},
{
"db": "BID",
"id": "71467"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-474"
},
{
"db": "NVD",
"id": "CVE-2014-8002"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"date": "2014-11-25T00:00:00",
"db": "VULHUB",
"id": "VHN-75947"
},
{
"date": "2014-11-24T00:00:00",
"db": "BID",
"id": "71467"
},
{
"date": "2014-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"date": "2014-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-474"
},
{
"date": "2014-11-25T17:59:01.627000",
"db": "NVD",
"id": "CVE-2014-8002"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"date": "2014-11-26T00:00:00",
"db": "VULHUB",
"id": "VHN-75947"
},
{
"date": "2014-12-05T00:58:00",
"db": "BID",
"id": "71467"
},
{
"date": "2014-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"date": "2014-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-474"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-8002"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-474"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco OpenH264 of decode_slice.cpp Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-474"
}
],
"trust": 0.6
}
}
CVE-2025-27091 (GCVE-0-2025-27091)
Vulnerability from nvd – Published: 2025-02-20 17:50 – Updated: 2025-02-20 18:40
VLAI?
Title
OpenH264 Decoding Functions Heap Overflow Vulnerability
Summary
OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence Parameter Set (SPS) memory allocation and a subsequent non Instantaneous Decoder Refresh (non-IDR) Network Abstraction Layer (NAL) unit memory usage. An attacker could exploit this vulnerability by crafting a malicious bitstream and tricking a victim user into processing an arbitrary video containing the malicious bistream. An exploit could allow the attacker to cause an unexpected crash in the victim's user decoding client and, possibly, perform arbitrary commands on the victim's host by abusing the heap overflow. This vulnerability affects OpenH264 2.5.0 and earlier releases. Both Scalable Video Coding (SVC) mode and Advanced Video Coding (AVC) mode are affected by this vulnerability. OpenH264 software releases 2.6.0 and later contained the fix for this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.
### For more information
If you have any questions or comments about this advisory:
* [Open an issue in cisco/openh264](https://github.com/cisco/openh264/issues)
* Email Cisco Open Source Security ([oss-security@cisco.com](mailto:oss-security@cisco.com)) and Cisco PSIRT ([psirt@cisco.com](mailto:psirt@cisco.com))
### Credits:
* **Research:** Octavian Guzu and Andrew Calvano of Meta
* **Fix ideation:** Philipp Hancke and Shyam Sadhwani of Meta
* **Fix implementation:** Benzheng Zhang (@BenzhengZhang)
* **Release engineering:** Benzheng Zhang (@BenzhengZhang)
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T18:40:17.666475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T18:40:39.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openh264",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "\u003c 2.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence Parameter Set (SPS) memory allocation and a subsequent non Instantaneous Decoder Refresh (non-IDR) Network Abstraction Layer (NAL) unit memory usage. An attacker could exploit this vulnerability by crafting a malicious bitstream and tricking a victim user into processing an arbitrary video containing the malicious bistream. An exploit could allow the attacker to cause an unexpected crash in the victim\u0027s user decoding client and, possibly, perform arbitrary commands on the victim\u0027s host by abusing the heap overflow. This vulnerability affects OpenH264 2.5.0 and earlier releases. Both Scalable Video Coding (SVC) mode and Advanced Video Coding (AVC) mode are affected by this vulnerability. OpenH264 software releases 2.6.0 and later contained the fix for this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* [Open an issue in cisco/openh264](https://github.com/cisco/openh264/issues)\n* Email Cisco Open Source Security ([oss-security@cisco.com](mailto:oss-security@cisco.com)) and Cisco PSIRT ([psirt@cisco.com](mailto:psirt@cisco.com))\n\n### Credits:\n\n* **Research:** Octavian Guzu and Andrew Calvano of Meta\n* **Fix ideation:** Philipp Hancke and Shyam Sadhwani of Meta\n* **Fix implementation:** Benzheng Zhang (@BenzhengZhang)\n* **Release engineering:** Benzheng Zhang (@BenzhengZhang)"
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T17:50:03.191Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x"
},
{
"name": "https://github.com/cisco/openh264/releases/tag/v2.6.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cisco/openh264/releases/tag/v2.6.0"
}
],
"source": {
"advisory": "GHSA-m99q-5j7x-7m9x",
"discovery": "UNKNOWN"
},
"title": "OpenH264 Decoding Functions Heap Overflow Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27091",
"datePublished": "2025-02-20T17:50:03.191Z",
"dateReserved": "2025-02-18T16:44:48.764Z",
"dateUpdated": "2025-02-20T18:40:39.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8002 (GCVE-0-2014-8002)
Vulnerability from nvd – Published: 2014-11-25 17:00 – Updated: 2024-08-06 13:10
VLAI?
Summary
Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:49.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cisco/openh264/pull/1096/files"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-25T17:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cisco/openh264/pull/1096/files"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36501",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36501"
},
{
"name": "https://github.com/cisco/openh264/pull/1096/files",
"refsource": "CONFIRM",
"url": "https://github.com/cisco/openh264/pull/1096/files"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-8002",
"datePublished": "2014-11-25T17:00:00",
"dateReserved": "2014-10-08T00:00:00",
"dateUpdated": "2024-08-06T13:10:49.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8001 (GCVE-0-2014-8001)
Vulnerability from nvd – Published: 2014-11-25 17:00 – Updated: 2024-08-06 13:10
VLAI?
Summary
Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36500"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cisco/openh264/pull/1088/files"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-25T17:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36500"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cisco/openh264/pull/1088/files"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36500",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36500"
},
{
"name": "https://github.com/cisco/openh264/pull/1088/files",
"refsource": "CONFIRM",
"url": "https://github.com/cisco/openh264/pull/1088/files"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-8001",
"datePublished": "2014-11-25T17:00:00",
"dateReserved": "2014-10-08T00:00:00",
"dateUpdated": "2024-08-06T13:10:50.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27091 (GCVE-0-2025-27091)
Vulnerability from cvelistv5 – Published: 2025-02-20 17:50 – Updated: 2025-02-20 18:40
VLAI?
Title
OpenH264 Decoding Functions Heap Overflow Vulnerability
Summary
OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence Parameter Set (SPS) memory allocation and a subsequent non Instantaneous Decoder Refresh (non-IDR) Network Abstraction Layer (NAL) unit memory usage. An attacker could exploit this vulnerability by crafting a malicious bitstream and tricking a victim user into processing an arbitrary video containing the malicious bistream. An exploit could allow the attacker to cause an unexpected crash in the victim's user decoding client and, possibly, perform arbitrary commands on the victim's host by abusing the heap overflow. This vulnerability affects OpenH264 2.5.0 and earlier releases. Both Scalable Video Coding (SVC) mode and Advanced Video Coding (AVC) mode are affected by this vulnerability. OpenH264 software releases 2.6.0 and later contained the fix for this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.
### For more information
If you have any questions or comments about this advisory:
* [Open an issue in cisco/openh264](https://github.com/cisco/openh264/issues)
* Email Cisco Open Source Security ([oss-security@cisco.com](mailto:oss-security@cisco.com)) and Cisco PSIRT ([psirt@cisco.com](mailto:psirt@cisco.com))
### Credits:
* **Research:** Octavian Guzu and Andrew Calvano of Meta
* **Fix ideation:** Philipp Hancke and Shyam Sadhwani of Meta
* **Fix implementation:** Benzheng Zhang (@BenzhengZhang)
* **Release engineering:** Benzheng Zhang (@BenzhengZhang)
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T18:40:17.666475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T18:40:39.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openh264",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "\u003c 2.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence Parameter Set (SPS) memory allocation and a subsequent non Instantaneous Decoder Refresh (non-IDR) Network Abstraction Layer (NAL) unit memory usage. An attacker could exploit this vulnerability by crafting a malicious bitstream and tricking a victim user into processing an arbitrary video containing the malicious bistream. An exploit could allow the attacker to cause an unexpected crash in the victim\u0027s user decoding client and, possibly, perform arbitrary commands on the victim\u0027s host by abusing the heap overflow. This vulnerability affects OpenH264 2.5.0 and earlier releases. Both Scalable Video Coding (SVC) mode and Advanced Video Coding (AVC) mode are affected by this vulnerability. OpenH264 software releases 2.6.0 and later contained the fix for this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* [Open an issue in cisco/openh264](https://github.com/cisco/openh264/issues)\n* Email Cisco Open Source Security ([oss-security@cisco.com](mailto:oss-security@cisco.com)) and Cisco PSIRT ([psirt@cisco.com](mailto:psirt@cisco.com))\n\n### Credits:\n\n* **Research:** Octavian Guzu and Andrew Calvano of Meta\n* **Fix ideation:** Philipp Hancke and Shyam Sadhwani of Meta\n* **Fix implementation:** Benzheng Zhang (@BenzhengZhang)\n* **Release engineering:** Benzheng Zhang (@BenzhengZhang)"
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T17:50:03.191Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x"
},
{
"name": "https://github.com/cisco/openh264/releases/tag/v2.6.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cisco/openh264/releases/tag/v2.6.0"
}
],
"source": {
"advisory": "GHSA-m99q-5j7x-7m9x",
"discovery": "UNKNOWN"
},
"title": "OpenH264 Decoding Functions Heap Overflow Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27091",
"datePublished": "2025-02-20T17:50:03.191Z",
"dateReserved": "2025-02-18T16:44:48.764Z",
"dateUpdated": "2025-02-20T18:40:39.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8001 (GCVE-0-2014-8001)
Vulnerability from cvelistv5 – Published: 2014-11-25 17:00 – Updated: 2024-08-06 13:10
VLAI?
Summary
Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36500"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cisco/openh264/pull/1088/files"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-25T17:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36500"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cisco/openh264/pull/1088/files"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36500",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36500"
},
{
"name": "https://github.com/cisco/openh264/pull/1088/files",
"refsource": "CONFIRM",
"url": "https://github.com/cisco/openh264/pull/1088/files"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-8001",
"datePublished": "2014-11-25T17:00:00",
"dateReserved": "2014-10-08T00:00:00",
"dateUpdated": "2024-08-06T13:10:50.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8002 (GCVE-0-2014-8002)
Vulnerability from cvelistv5 – Published: 2014-11-25 17:00 – Updated: 2024-08-06 13:10
VLAI?
Summary
Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:49.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cisco/openh264/pull/1096/files"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-25T17:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cisco/openh264/pull/1096/files"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36501",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36501"
},
{
"name": "https://github.com/cisco/openh264/pull/1096/files",
"refsource": "CONFIRM",
"url": "https://github.com/cisco/openh264/pull/1096/files"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-8002",
"datePublished": "2014-11-25T17:00:00",
"dateReserved": "2014-10-08T00:00:00",
"dateUpdated": "2024-08-06T13:10:49.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}