Bug 1105688 (CVE-2014-8001): Cisco OpenH264 Media Processing Buffer Overflow Vulnerability
Status: RESOLVED WORKSFORME (Closed)
Opened 10 years ago, closed 10 years ago
Category: Core :: WebRTC: Audio/Video, defect
Reporter: freddy, Assignee: Unassigned
References: Blocks 1 open bug
--- quote from URL ---
A vulnerability in applications that use the Cisco OpenH264 library could allow an unauthenticated, remote attacker to cause a denial of service condition or execute arbitrary code.

The vulnerability is due to improper handling of input within encoded media files. An unauthenticated, remote attacker could exploit this vulnerability to cause an application using the affected component to terminate unexpectedly or execute arbitrary code with the privileges of the targeted application.

Cisco has confirmed the vulnerability and released a software patch. The vulnerability was reported to Cisco by HP's Zero Day Initiative and discovered by Oksana.
--- end quote ---

This is likely not as bad as it could be, since the plugin runs in a sandbox.
Comment 1 • 10 years ago

We were notified in August by HP's ZDI that Oksana had found two problems. At the time we were notified they had already been found/fixed. Here are the commit details to OpenH264 for the fixes:

******************************************************
commit 6489e7b38ad852a20f87214571fac382150dee62
Merge: e66cf53 1ec213d
Author: dongzha <dongzha@cisco.com>
Date: Tue Jul 8 12:49:42 2014 +0800

    Merge pull request #1096 from huili2/early_stop_parse_rec_bug

    stop early error for parse/recon MB
******************************************************
commit 0ad30516c537bf6d4359e43bbe0185db6abcf809
Merge: ab41e69 f1a0a81
Author: HaiboZhu <haibozhu@cisco.com>
Date: Sat Jul 5 13:24:10 2014 +0800

    Merge pull request #1088 from huili2/crash_dpb_ec

    dpb uninitial crash for EC
*******************************************************

Since you did not give any details I am going to assume that these are the same ones you are reporting here. These vulnerabilities are not in any release of OpenH264 that is used by Firefox.
Comment 2 • 10 years ago (Reporter)

All details are in the Cisco website linked through the URL field of this bug. Feel free to close out, if they match.
Comment 3 • 10 years ago (Reporter)

A major news website in Germany reports about these bugs putting Firefox users at risk. Here's what I did to confirm that we are not affected:

* The Cisco advisories link to pull requests in the "Vendor Announcements" section (the same as Ethan mentions in comment 1 – oversight on my part).
* I browsed the openh264 repository on GitHub and looked at the branch tagged v1.1, to ensure that the patches were indeed already included (e.g. https://github.com/cisco/openh264/blob/v1.1/codec/decoder/core/src/decode_slice.cpp). They are.
* I then looked at about:plugins to verify that Firefox is indeed using version 1.1, which we are.

This leads me to the conclusion that the Cisco security alert should have said "versions prior to 1.1 are affected". It says 1.2 and below, which doesn't make a lot of sense. There is no version 1.2.
Updated • 10 years ago (Reporter)
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
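
The check described in comment 3 (confirming that the fix commits from comment 1 are already contained in the v1.1 tag) can also be done from a local clone with git instead of browsing files. This is an added example, not part of the bug thread or of OpenH264; the function names and the demo repository are constructed for illustration.

```shell
#!/bin/sh
# Added example: test whether fix commits are contained in a release tag.

# fix_in_tag REPO COMMIT TAG
# Exit 0: COMMIT is reachable from TAG (the fix shipped in that release).
# Exit 1: COMMIT exists but is not an ancestor of TAG.
# Other:  git error, e.g. the commit or tag is not present in this clone.
fix_in_tag() {
    git -C "$1" merge-base --is-ancestor "$2" "$3^{commit}" 2>/dev/null
}

# audit_tag REPO TAG COMMIT...
# Prints one line per commit and returns the number not confirmed in TAG.
# An unknown object (shallow clone, wrong repository) counts as not
# confirmed rather than being silently treated as "absent".
audit_tag() {
    repo=$1; tag=$2; shift 2
    missing=0
    for c in "$@"; do
        rc=0
        fix_in_tag "$repo" "$c" "$tag" || rc=$?
        case $rc in
            0) echo "present  $c" ;;
            1) echo "ABSENT   $c"; missing=$((missing + 1)) ;;
            *) echo "UNKNOWN  $c (commit or tag not in this clone)"
               missing=$((missing + 1)) ;;
        esac
    done
    return "$missing"
}

# Constructed demo repository (NOT openh264): one fix before the v1.1 tag,
# one fix after it. Prints the path of the temporary repository.
make_demo_repo() {
    d=$(mktemp -d) || return 1
    g() { git -C "$d" -c user.name=demo -c user.email=demo@example.invalid "$@"; }
    g init -q
    g commit -q --allow-empty -m "base"
    g commit -q --allow-empty -m "fix A (before tag)"
    g tag v1.1
    g commit -q --allow-empty -m "fix B (after tag)"
    echo "$d"
}

# Usage against a full clone, with the tag and commit ids quoted on this page:
#   audit_tag ./openh264 v1.1 \
#       6489e7b38ad852a20f87214571fac382150dee62 \
#       0ad30516c537bf6d4359e43bbe0185db6abcf809
```

A shallow clone can report UNKNOWN for commits that are in fact present upstream, so run the audit against a full clone with tags fetched.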