3 matches found
CVE-2025-27091
OpenH264 decoding vulnerability (CVE-2025-27091) affects OpenH264 2.5.0 and earlier in both SVC and AVC modes. A race condition between SPS memory allocation and subsequent non-IDR NAL memory usage can enable a remote, unauthenticated attacker to trigger a heap overflow by delivering a crafted bi...
CVE-2014-8001
CVE-2014-8001: Cisco OpenH264 has a heap/buffer overflow in decode.cpp (decoder logic) affecting OpenH264 ≤ 1.2.0. By feeding malformed H.264 data to the decoder, an unauthenticated remote attacker can cause arbitrary code execution within the targeted application; Cisco released a patch per vend...
CVE-2014-8002
Cisco OpenH264 libraries (version 1.2.0 and earlier) contain a use-after-free flaw in decode_slice.cpp that can be triggered by malformed H.264 data, leading to remote code execution. The vulnerability affects applications using the library, with impact to arbitrary code execution in the context ...