CVE-2025-27091 is a vulnerability found in the OpenH264 codec library a widely used tool for H.264 video encoding and decoding developed by Cisco. The issue arises from a race condition in the libraryโs decoding functions. In essence, there is a timing gap between the allocation of memory for a Sequence Parameter Set (SPS) and the subsequent use of memory for a non-Instantaneous Decoder Refresh (non-IDR) Network Abstraction Layer (NAL) unit. Exploiting this race condition can trigger a heap-based buffer overflow. In practical terms, a remote, unauthenticated attacker could craft a malicious video bitstream that, when processed by a vulnerable client, might cause the application to crash and potentially allow arbitrary code execution. This vulnerability affects OpenH264 versions 2.5.0 and earlier, with the issue being resolved in version 2.6.0. Both Scalable Video Coding (SVC) mode and Advanced Video Coding (AVC) mode are impacted. The vulnerability has been rated as high, with a CVSS v4.0 score of 8.6.
Users and organizations using OpenH264 are advised to upgrade to version 2.6.0 or later to mitigate the risk associated with this vulnerability.
See more details on: