VAR-201411-0253
Vulnerability from variot - Updated: 2023-12-18 13:14Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. By providing malformed H.264 data to the decoder, an attacker can force a dangling pointer to be referenced after it has been freed. The Cisco OpenH264 is prone to a memory corruption vulnerability. Cisco OpenH264 1.0.0, 1.1.1, and 1.2.2 are vulnerable. Cisco OpenH264 is an open source H.264 (video codec technology) encoder and decoder from Cisco
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0253",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openh264",
"scope": "lte",
"trust": 1.8,
"vendor": "cisco",
"version": "1.2.0"
},
{
"model": "openh264",
"scope": null,
"trust": 0.7,
"vendor": "cisco",
"version": null
},
{
"model": "openh264",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.2.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"db": "NVD",
"id": "CVE-2014-8002"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-474"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:openh264:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8002"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\u041e\u043a\u0441\u0430\u043d\u0430",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-392"
}
],
"trust": 0.7
},
"cve": "CVE-2014-8002",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-8002",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-75947",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8002",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-474",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-75947",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-75947"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"db": "NVD",
"id": "CVE-2014-8002"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-474"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file. By providing malformed H.264 data to the decoder, an attacker can force a dangling pointer to be referenced after it has been freed. The Cisco OpenH264 is prone to a memory corruption vulnerability. \nCisco OpenH264 1.0.0, 1.1.1, and 1.2.2 are vulnerable. Cisco OpenH264 is an open source H.264 (video codec technology) encoder and decoder from Cisco",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8002"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"db": "BID",
"id": "71467"
},
{
"db": "VULHUB",
"id": "VHN-75947"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8002",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2415",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-392",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201411-474",
"trust": 0.7
},
{
"db": "BID",
"id": "71467",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-75947",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"db": "VULHUB",
"id": "VHN-75947"
},
{
"db": "BID",
"id": "71467"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"db": "NVD",
"id": "CVE-2014-8002"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-474"
}
]
},
"id": "VAR-201411-0253",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-75947"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:14:43.940000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "36501",
"trust": 1.5,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36501"
},
{
"title": "stop early error for parse/recon MB",
"trust": 0.8,
"url": "https://github.com/cisco/openh264/pull/1096/files"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-75947"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"db": "NVD",
"id": "CVE-2014-8002"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36501"
},
{
"trust": 1.7,
"url": "https://github.com/cisco/openh264/pull/1096/files"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8002"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8002"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"db": "VULHUB",
"id": "VHN-75947"
},
{
"db": "BID",
"id": "71467"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"db": "NVD",
"id": "CVE-2014-8002"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-474"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"db": "VULHUB",
"id": "VHN-75947"
},
{
"db": "BID",
"id": "71467"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"db": "NVD",
"id": "CVE-2014-8002"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-474"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"date": "2014-11-25T00:00:00",
"db": "VULHUB",
"id": "VHN-75947"
},
{
"date": "2014-11-24T00:00:00",
"db": "BID",
"id": "71467"
},
{
"date": "2014-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"date": "2014-11-25T17:59:01.627000",
"db": "NVD",
"id": "CVE-2014-8002"
},
{
"date": "2014-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-474"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-392"
},
{
"date": "2014-11-26T00:00:00",
"db": "VULHUB",
"id": "VHN-75947"
},
{
"date": "2014-12-05T00:58:00",
"db": "BID",
"id": "71467"
},
{
"date": "2014-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005648"
},
{
"date": "2014-11-26T20:24:27.010000",
"db": "NVD",
"id": "CVE-2014-8002"
},
{
"date": "2014-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-474"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-474"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco OpenH264 of decode_slice.cpp Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005648"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-474"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…