ID

VAR-201411-0253


CVE

CVE-2014-8002


TITLE

Arbitrary code execution vulnerability in decode_slice.cpp of Cisco OpenH264

Trust: 0.8

sources: JVNDB: JVNDB-2014-005648

DESCRIPTION

Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. By providing malformed H.264 data to the decoder, an attacker can force a dangling pointer to be referenced after it has been freed. Cisco OpenH264 is prone to a memory corruption vulnerability. Cisco OpenH264 1.0.0, 1.1.1, and 1.2.2 are vulnerable. Cisco OpenH264 is an open source H.264 (video codec technology) encoder and decoder from Cisco.

Trust: 2.61

sources: NVD: CVE-2014-8002 // JVNDB: JVNDB-2014-005648 // ZDI: ZDI-14-392 // BID: 71467 // VULHUB: VHN-75947

AFFECTED PRODUCTS

vendor: cisco, model: openh264, scope: lte, version: 1.2.0

Trust: 1.8

vendor: cisco, model: openh264, scope: -, version: -

Trust: 0.7

vendor: cisco, model: openh264, scope: eq, version: 1.2.0

Trust: 0.6

sources: ZDI: ZDI-14-392 // JVNDB: JVNDB-2014-005648 // CNNVD: CNNVD-201411-474 // NVD: CVE-2014-8002

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8002
value: HIGH

Trust: 1.0

NVD: CVE-2014-8002
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201411-474
value: HIGH

Trust: 0.6

VULHUB: VHN-75947
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-8002
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75947
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75947 // JVNDB: JVNDB-2014-005648 // CNNVD: CNNVD-201411-474 // NVD: CVE-2014-8002

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-75947 // JVNDB: JVNDB-2014-005648 // NVD: CVE-2014-8002

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-474

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201411-474

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005648

PATCH

title: 36501, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=36501

Trust: 1.5

title: stop early error for parse/recon MB, url: https://github.com/cisco/openh264/pull/1096/files

Trust: 0.8

sources: ZDI: ZDI-14-392 // JVNDB: JVNDB-2014-005648

EXTERNAL IDS

db: NVD, id: CVE-2014-8002

Trust: 3.5

db: JVNDB, id: JVNDB-2014-005648

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-2415

Trust: 0.7

db: ZDI, id: ZDI-14-392

Trust: 0.7

db: CNNVD, id: CNNVD-201411-474

Trust: 0.7

db: BID, id: 71467

Trust: 0.4

db: VULHUB, id: VHN-75947

Trust: 0.1

sources: ZDI: ZDI-14-392 // VULHUB: VHN-75947 // BID: 71467 // JVNDB: JVNDB-2014-005648 // CNNVD: CNNVD-201411-474 // NVD: CVE-2014-8002

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=36501

Trust: 2.4

url:https://github.com/cisco/openh264/pull/1096/files

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8002

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8002

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: ZDI: ZDI-14-392 // VULHUB: VHN-75947 // BID: 71467 // JVNDB: JVNDB-2014-005648 // CNNVD: CNNVD-201411-474 // NVD: CVE-2014-8002

CREDITS

Оксана

Trust: 0.7

sources: ZDI: ZDI-14-392

SOURCES

db: ZDI, id: ZDI-14-392
db: VULHUB, id: VHN-75947
db: BID, id: 71467
db: JVNDB, id: JVNDB-2014-005648
db: CNNVD, id: CNNVD-201411-474
db: NVD, id: CVE-2014-8002

LAST UPDATE DATE

2025-04-12T23:15:53.472000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-14-392, date: 2014-12-03T00:00:00
db: VULHUB, id: VHN-75947, date: 2014-11-26T00:00:00
db: BID, id: 71467, date: 2014-12-05T00:58:00
db: JVNDB, id: JVNDB-2014-005648, date: 2014-11-27T00:00:00
db: CNNVD, id: CNNVD-201411-474, date: 2014-11-26T00:00:00
db: NVD, id: CVE-2014-8002, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: ZDI, id: ZDI-14-392, date: 2014-12-03T00:00:00
db: VULHUB, id: VHN-75947, date: 2014-11-25T00:00:00
db: BID, id: 71467, date: 2014-11-24T00:00:00
db: JVNDB, id: JVNDB-2014-005648, date: 2014-11-27T00:00:00
db: CNNVD, id: CNNVD-201411-474, date: 2014-11-26T00:00:00
db: NVD, id: CVE-2014-8002, date: 2014-11-25T17:59:01.627