CVE-2025-27091 Common Vulnerabilities and Exposures

Upstream information

CVE-2025-27091 at MITRE

Description

OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence Parameter Set (SPS) memory allocation and a subsequent non Instantaneous Decoder Refresh (non-IDR) Network Abstraction Layer (NAL) unit memory usage. An attacker could exploit this vulnerability by crafting a malicious bitstream and tricking a victim user into processing an arbitrary video containing the malicious bistream. An exploit could allow the attacker to cause an unexpected crash in the victim's user decoding client and, possibly, perform arbitrary commands on the victim's host by abusing the heap overflow. This vulnerability affects OpenH264 2.5.0 and earlier releases. Both Scalable Video Coding (SVC) mode and Advanced Video Coding (AVC) mode are affected by this vulnerability. OpenH264 software releases 2.6.0 and later contained the fix for this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.

### For more information

If you have any questions or comments about this advisory:
* [Open an issue in cisco/openh264](https://github.com/cisco/openh264/issues)
* Email Cisco Open Source Security ([oss-security@cisco.com](mailto:oss-security@cisco.com)) and Cisco PSIRT ([psirt@cisco.com](mailto:psirt@cisco.com))

### Credits:

* **Research:** Octavian Guzu and Andrew Calvano of Meta
* **Fix ideation:** Philipp Hancke and Shyam Sadhwani of Meta
* **Fix implementation:** Benzheng Zhang (@BenzhengZhang)
* **Release engineering:** Benzheng Zhang (@BenzhengZhang)

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v4 Scores
	CNA (GitHub)
Base Score	8.6
Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector	Network
Attack Complexity	Low
Attack Requirements	None
Privileges Required	None
User Interaction	Active
Vulnerable System Confidentiality Impact	High
Vulnerable System Integrity Impact	High
Vulnerable System Availability Impact	High
Subsequent System Confidentiality Impact	None
Subsequent System Integrity Impact	None
Subsequent System Availability Impact	None
CVSSv4 Version	4.0

SUSE Bugzilla entry: 1237468 [NEW]

No SUSE Security Announcements cross referenced.

SUSE Timeline for this CVE

CVE page created: Thu Feb 20 20:00:54 2025
CVE page last modified: Fri Feb 21 14:12:54 2025