A vulnerability in the decoding functions
of OpenH264 codec library could allow a remote, unauthenticated
attacker to trigger a heap overflow. This vulnerability is due to
a race condition between a Sequence Parameter Set (SPS) memory
allocation and a subsequent non Instantaneous Decoder Refresh
(non-IDR) Network Abstraction Layer (NAL) unit memory usage. An
attacker could exploit this vulnerability by crafting a malicious
bitstream and tricking a victim user into processing an arbitrary
video containing the malicious bistream. An exploit could allow
the attacker to cause an unexpected crash in the victim's user
decoding client and, possibly, perform arbitrary commands on the
victim's host by abusing the heap overflow.