FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2025-06-26 16:42:54 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|
| 03ba1cdd-4faf-11f0-af06-00a098b42aeb | cisco -- OpenH264 Decoding Functions Heap Overflow Vulnerability
Cisco reports:
A vulnerability in the decoding functions
of OpenH264 codec library could allow a remote, unauthenticated
attacker to trigger a heap overflow. This vulnerability is due to
a race condition between a Sequence Parameter Set (SPS) memory
allocation and a subsequent non Instantaneous Decoder Refresh
(non-IDR) Network Abstraction Layer (NAL) unit memory usage. An
attacker could exploit this vulnerability by crafting a malicious
bitstream and tricking a victim user into processing an arbitrary
video containing the malicious bistream. An exploit could allow
the attacker to cause an unexpected crash in the victim's user
decoding client and, possibly, perform arbitrary commands on the
victim's host by abusing the heap overflow.
Discovery 2025-02-20
Entry 2025-06-22
openh264
< 2.5.1
CVE-2025-27091
https://nvd.nist.gov/vuln/detail/CVE-2025-27091
|