VAR-201411-0252
Vulnerability from variot - Updated: 2023-12-18 12:07
Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. The specific flaw exists within the decoder logic. By providing malformed H.264 data to the decoder, an attacker can overwrite a heap buffer. This could result in the execution of arbitrary code in the context of the application. Cisco OpenH264 is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input. Cisco OpenH264 1.0.0, 1.1.1, and 1.2.2 are vulnerable. (This text is aggregated from several source databases, and the two version statements do not agree: 1.2.2 falls outside "1.2.0 and earlier". Confirm the fixed release against the vendor advisory before relying on either range.) Cisco OpenH264 is an open source H.264 (video codec technology) encoder and decoder from Cisco.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0252",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openh264",
"scope": "lte",
"trust": 1.8,
"vendor": "cisco",
"version": "1.2.0"
},
{
"model": "openh264",
"scope": null,
"trust": 0.7,
"vendor": "cisco",
"version": null
},
{
"model": "openh264",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.2.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-391"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"db": "NVD",
"id": "CVE-2014-8001"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-473"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:openh264:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8001"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\u041e\u043a\u0441\u0430\u043d\u0430",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-391"
}
],
"trust": 0.7
},
"cve": "CVE-2014-8001",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-8001",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-75946",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8001",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-473",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-75946",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-75946"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"db": "NVD",
"id": "CVE-2014-8001"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-473"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. The specific flaw exists within the decoder logic. By providing malformed H.264 data to the decoder, an attacker can overwrite a heap buffer. This could result in the execution of arbitrary code in the context of the application. The Cisco OpenH264 is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user supplied input. \nCisco OpenH264 1.0.0, 1.1.1, and 1.2.2 are vulnerable. Cisco OpenH264 is an open source H.264 (video codec technology) encoder and decoder from Cisco",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8001"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"db": "ZDI",
"id": "ZDI-14-391"
},
{
"db": "BID",
"id": "71409"
},
{
"db": "VULHUB",
"id": "VHN-75946"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8001",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2414",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-391",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201411-473",
"trust": 0.7
},
{
"db": "BID",
"id": "71409",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-75946",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-391"
},
{
"db": "VULHUB",
"id": "VHN-75946"
},
{
"db": "BID",
"id": "71409"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"db": "NVD",
"id": "CVE-2014-8001"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-473"
}
]
},
"id": "VAR-201411-0252",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-75946"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:07:48.693000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "36500",
"trust": 1.5,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36500"
},
{
"title": "dpb uninitial crash for EC",
"trust": 0.8,
"url": "https://github.com/cisco/openh264/pull/1088/files"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-391"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-75946"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"db": "NVD",
"id": "CVE-2014-8001"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36500"
},
{
"trust": 1.7,
"url": "https://github.com/cisco/openh264/pull/1088/files"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8001"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8001"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-391"
},
{
"db": "VULHUB",
"id": "VHN-75946"
},
{
"db": "BID",
"id": "71409"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"db": "NVD",
"id": "CVE-2014-8001"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-473"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-14-391"
},
{
"db": "VULHUB",
"id": "VHN-75946"
},
{
"db": "BID",
"id": "71409"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"db": "NVD",
"id": "CVE-2014-8001"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-473"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-391"
},
{
"date": "2014-11-25T00:00:00",
"db": "VULHUB",
"id": "VHN-75946"
},
{
"date": "2014-11-24T00:00:00",
"db": "BID",
"id": "71409"
},
{
"date": "2014-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"date": "2014-11-25T17:59:00.080000",
"db": "NVD",
"id": "CVE-2014-8001"
},
{
"date": "2014-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-473"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-391"
},
{
"date": "2014-11-26T00:00:00",
"db": "VULHUB",
"id": "VHN-75946"
},
{
"date": "2014-12-05T01:56:00",
"db": "BID",
"id": "71409"
},
{
"date": "2014-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005647"
},
{
"date": "2014-11-26T20:21:37.827000",
"db": "NVD",
"id": "CVE-2014-8001"
},
{
"date": "2014-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-473"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-473"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco OpenH264 of decode.cpp Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005647"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-473"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.