Source: openh264
Version: 2.5.0+dfsg-1
Severity: grave
Tags: upstream security
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for openh264.

CVE-2025-27091[0]:
| OpenH264 is a free license codec library which supports H.264
| encoding and decoding. A vulnerability in the decoding functions of
| OpenH264 codec library could allow a remote, unauthenticated
| attacker to trigger a heap overflow. This vulnerability is due to a
| race condition between a Sequence Parameter Set (SPS) memory
| allocation and a subsequent non Instantaneous Decoder Refresh
| (non-IDR) Network Abstraction Layer (NAL) unit memory usage. An
| attacker could exploit this vulnerability by crafting a malicious
| bitstream and tricking a victim user into processing an arbitrary
| video containing the malicious bitstream. An exploit could allow the
| attacker to cause an unexpected crash in the victim's user decoding
| client and, possibly, perform arbitrary commands on the victim's
| host by abusing the heap overflow. This vulnerability affects
| OpenH264 2.5.0 and earlier releases. Both Scalable Video Coding
| (SVC) mode and Advanced Video Coding (AVC) mode are affected by this
| vulnerability. OpenH264 software releases 2.6.0 and later contained
| the fix for this vulnerability. Users are advised to upgrade. There
| are no known workarounds for this vulnerability.
|
| ### For more information
| If you have any questions or comments about this advisory:
| * [Open an issue in cisco/openh264](https://github.com/cisco/openh264/issues)
| * Email Cisco Open Source Security ([oss-secur...@cisco.com](mailto:oss-secur...@cisco.com))
|   and Cisco PSIRT ([ps...@cisco.com](mailto:ps...@cisco.com))
|
| ### Credits:
| * **Research:** Octavian Guzu and Andrew Calvano of Meta
| * **Fix ideation:** Philipp Hancke and Shyam Sadhwani of Meta
| * **Fix implementation:** Benzheng Zhang (@BenzhengZhang)
| * **Release engineering:** Benzheng Zhang (@BenzhengZhang)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-27091
    https://www.cve.org/CVERecord?id=CVE-2025-27091
[1] https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x

Regards,
Salvatore