Advisories for Cargo/Openh264-Sys2 package

2025

OpenH264 Rust API Openh264 Decoding Functions Heap Overflow Vulnerability

OpenH264 recently reported a heap overflow that was fixed in upstream 63db555 and integrated into our 0.6.6 release. For users relying on Cisco's pre-compiled DLL, we also published 0.8.0, which is compatible with their latest fixed DLL version 2.6.0. In other words: if you rely on our source feature only, >=0.6.6 should be safe, if you rely on libloading, you must upgrade to 0.8.0 and use their latest DLL >=2.6.0. …