Full title: Cisco OpenH264 Use-After-Free Remote Code Execution Vulnerability Category: remote exploits Platform: hardware This vulnerability allows remote attackers to execute arbitrary code on applications using vulnerable versions of Cisco OpenH264. The specific flaw exists within the decoder logic. By providing malformed H.264 data to the decoder, an attacker can force a dangling pointer to be referenced after it has been freed. This could result in the execution of arbitrary code in the context of the application. A vulnerability in applications that use the Cisco OpenH264 library could allow an unauthenticated, remote attacker to cause a denial of service condition or execute arbitrary code. The vulnerability is due to improper handling of input within encoded media files. An unauthenticated, remote attacker could exploit this vulnerability to cause an application using the affected component to terminate unexpectedly or execute arbitrary code with the privileges of the targeted application. Cisco has confirmed the vulnerability and released a software patch. # 0day.today @ http://0day.today/