Cisco OpenH264 Use-After-Free Remote Code Execution Vulnerability

ID ZDI-14-392
Type zdi
Reporter Оксана
Modified 2014-06-22T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on applications using vulnerable versions of Cisco OpenH264. The specific flaw exists within the decoder logic. By providing malformed H.264 data to the decoder, an attacker can force a dangling pointer to be referenced after it has been freed. This could result in the execution of arbitrary code in the context of the application.