CVE-2025-27091

7.5 HIGH

📋 TL;DR

A heap overflow vulnerability in the OpenH264 video codec library allows remote attackers to crash applications or potentially execute arbitrary code by tricking users into processing malicious video files. This affects all systems using OpenH264 version 2.5.0 or earlier for video decoding. Both AVC and SVC encoding modes are vulnerable.

💻 Affected Systems

Products:
  • OpenH264 codec library
Versions: 2.5.0 and earlier
Operating Systems: All platforms using OpenH264
Default Config Vulnerable: ⚠️ Yes
Notes: Both AVC and SVC encoding modes are affected. Any application using OpenH264 for video decoding is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise via heap overflow exploitation

🟠 Likely Case: Application crashes and denial of service when processing malicious video content

🟢 If Mitigated: Limited to denial of service if exploit fails to achieve code execution

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation via video processing
🏢 Internal Only: MEDIUM - Requires user interaction with malicious video files

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious video bitstreams and user interaction to process them. The race condition makes reliable exploitation challenging.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.0 and later

Vendor Advisory: https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x

Restart Required: No

Instructions:

1. Download OpenH264 version 2.6.0 or later from GitHub releases.
2. Replace existing OpenH264 library files with the patched version.
3. Recompile applications if statically linked.
4. Restart applications using OpenH264.

🔧 Temporary Workarounds

No known workarounds

The vendor advisory states there are no known workarounds for this vulnerability

🧯 If You Can't Patch

  • Disable video processing features that use OpenH264 in affected applications
  • Implement strict input validation and sandboxing for video processing components

🔍 How to Verify

Check if Vulnerable:

Check the OpenH264 library version. If the version is 2.5.0 or earlier, the system is vulnerable.

Check Version:

ldd /path/to/application | grep openh264

Alternatively, check the library version directly.

Verify Fix Applied:

Verify OpenH264 version is 2.6.0 or later. Test with known malicious video samples if available.
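
One way to script the version check described above, as an added example (not taken from the vendor advisory or the OpenH264 project). It assumes the resolved library file embeds its full version in its name, as in the constructed path libopenh264.so.2.5.0; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify OpenH264 libraries against the fixed release.
FIXED_VERSION="2.6.0"   # first patched release named on this page

# Print the x.y.z version embedded in a library file name, or nothing.
# Assumption: the real file carries the full version in its name.
openh264_version_from_path() {
    name=${1##*/}
    printf '%s\n' "$name" |
        sed -n 's/.*openh264[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Succeed when version $1 is strictly lower than version $2.
version_lt() {
    if [ "$1" = "$2" ]; then return 1; fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Print vulnerable, patched, or unknown for one library path.
classify_openh264() {
    ver=$(openh264_version_from_path "$1")
    if [ -z "$ver" ]; then
        echo "unknown"      # no version in the name: inspect the package instead
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Resolve each OpenH264 library a binary links to and classify it.
# ldd may execute code from the target, so run it on trusted binaries only.
check_app() {
    ldd "$1" 2>/dev/null | awk '/openh264/ && $3 ~ /^\// { print $3 }' |
    while read -r lib; do
        real=$(readlink -f "$lib")   # follow the soname symlink to the real file
        printf '%s -> %s: %s\n' "$lib" "$real" "$(classify_openh264 "$real")"
    done
}

if [ "$#" -gt 0 ]; then check_app "$1"; fi
```

Applications that load the codec at run time with dlopen do not list it in ldd output; for those, pass the library files they ship to classify_openh264 directly.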

📡 Detection & Monitoring

Log Indicators:

  • Application crashes during video processing
  • Memory access violation errors
  • Heap corruption warnings

Network Indicators:

  • Unusual video file transfers
  • Video processing from untrusted sources

SIEM Query:

Application:openh264 AND (EventID:1000 OR EventID:1001) OR Process:openh264 AND ExceptionCode:c0000005
