2347089 – CVE-2025-27091 openh264: decoding functions heap overflow [epel-all]

Bug 2347089 - CVE-2025-27091 openh264: decoding functions heap overflow [epel-all]

Summary: CVE-2025-27091 openh264: decoding functions heap overflow [epel-all]

Keywords:
Status:	NEW
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	openh264
Sub Component:
Version:	epel10
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Wim Taymans
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	MultimediaSIG
TreeView+	depends on / blocked

Reported:	2025-02-22 12:21 UTC by Leon Fauster
Modified:	2025-03-16 23:13 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x	0	None	None	None	2025-02-24 11:00:14 UTC

Description Leon Fauster 2025-02-22 12:21:07 UTC

Description of problem:

Severity High 8.6 / 10

OpenH264 Decoding Functions Heap Overflow Vulnerability

https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x

https://security-tracker.debian.org/tracker/CVE-2025-27091

Fixed in v2.6.0

Comment 1 Dominik 'Rathann' Mierzejewski 2025-02-24 10:58:55 UTC

EPEL10 is vulnerable, too.

Note You need to log in before you can comment on or make changes to this bug.