Sign-up

ID

VAR-201411-0252


CVE

CVE-2014-8001


TITLE

Cisco OpenH264 of decode.cpp Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2014-005647

DESCRIPTION

Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. The specific flaw exists within the decoder logic. By providing malformed H.264 data to the decoder, an attacker can overwrite a heap buffer. This could result in the execution of arbitrary code in the context of the application. The Cisco OpenH264 is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user supplied input. Cisco OpenH264 1.0.0, 1.1.1, and 1.2.2 are vulnerable. Cisco OpenH264 is an open source H.264 (video codec technology) encoder and decoder from Cisco

Trust: 2.61

sources: NVD: CVE-2014-8001 // JVNDB: JVNDB-2014-005647 // ZDI: ZDI-14-391 // BID: 71409 // VULHUB: VHN-75946

AFFECTED PRODUCTS

vendor:ciscomodel:openh264scope:lteversion:1.2.0

Trust: 1.8

vendor:ciscomodel:openh264scope: - version: -

Trust: 0.7

vendor:ciscomodel:openh264scope:eqversion:1.2.0

Trust: 0.6

sources: ZDI: ZDI-14-391 // JVNDB: JVNDB-2014-005647 // CNNVD: CNNVD-201411-473 // NVD: CVE-2014-8001

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8001
value: HIGH

Trust: 1.0

NVD: CVE-2014-8001
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201411-473
value: HIGH

Trust: 0.6

VULHUB: VHN-75946
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-8001
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75946
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75946 // JVNDB: JVNDB-2014-005647 // CNNVD: CNNVD-201411-473 // NVD: CVE-2014-8001

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-75946 // JVNDB: JVNDB-2014-005647 // NVD: CVE-2014-8001

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-473

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201411-473

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-005647

PATCH
title:36500url:http://tools.cisco.com/security/center/viewAlert.x?alertId=36500
Trust: 1.5
title:dpb uninitial crash for ECurl:https://github.com/cisco/openh264/pull/1088/files
Trust: 0.8
sources:
            
            
            ZDI: ZDI-14-391 // 
            
            
            
            JVNDB: JVNDB-2014-005647

EXTERNAL IDS
db:NVDid:CVE-2014-8001
Trust: 3.5
db:JVNDBid:JVNDB-2014-005647
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-2414
Trust: 0.7
db:ZDIid:ZDI-14-391
Trust: 0.7
db:CNNVDid:CNNVD-201411-473
Trust: 0.7
db:BIDid:71409
Trust: 0.4
db:VULHUBid:VHN-75946
Trust: 0.1
sources:
            
            
            ZDI: ZDI-14-391 // 
            
            
            
            VULHUB: VHN-75946 // 
            
            
            
            BID: 71409 // 
            
            
            
            JVNDB: JVNDB-2014-005647 // 
            
            
            
            CNNVD: CNNVD-201411-473 // 
            
            
            
            NVD: CVE-2014-8001

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=36500
Trust: 2.4
url:https://github.com/cisco/openh264/pull/1088/files
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8001
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8001
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-14-391 // 
            
            
            
            VULHUB: VHN-75946 // 
            
            
            
            BID: 71409 // 
            
            
            
            JVNDB: JVNDB-2014-005647 // 
            
            
            
            CNNVD: CNNVD-201411-473 // 
            
            
            
            NVD: CVE-2014-8001

CREDITS
Оксана
Trust: 0.7
sources:
            
            
            ZDI: ZDI-14-391

SOURCES
db:ZDIid:ZDI-14-391
db:VULHUBid:VHN-75946
db:BIDid:71409
db:JVNDBid:JVNDB-2014-005647
db:CNNVDid:CNNVD-201411-473
db:NVDid:CVE-2014-8001

LAST UPDATE DATE
2025-04-12T23:24:41.001000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-14-391date:2014-12-03T00:00:00
db:VULHUBid:VHN-75946date:2014-11-26T00:00:00
db:BIDid:71409date:2014-12-05T01:56:00
db:JVNDBid:JVNDB-2014-005647date:2014-11-27T00:00:00
db:CNNVDid:CNNVD-201411-473date:2014-11-26T00:00:00
db:NVDid:CVE-2014-8001date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:ZDIid:ZDI-14-391date:2014-12-03T00:00:00
db:VULHUBid:VHN-75946date:2014-11-25T00:00:00
db:BIDid:71409date:2014-11-24T00:00:00
db:JVNDBid:JVNDB-2014-005647date:2014-11-27T00:00:00
db:CNNVDid:CNNVD-201411-473date:2014-11-26T00:00:00
db:NVDid:CVE-2014-8001date:2014-11-25T17:59:00.080