CVE-2026-2245

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-2245
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2245.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-2245
Downstream
Published
2026-02-09T20:15:59.270Z
Modified
2026-02-11T02:57:45.030581Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

A vulnerability was identified in CCExtractor up to 183. This affects the function parsePAT/parsePMT in the library src/libccx/tstables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The name of the patch is fd7271bae238ccb3ae8a71304ea64f0886324925. It is best practice to apply a patch to resolve this issue.

References

Affected packages

Git / github.com/ccextractor/ccextractor

Affected ranges

Type
GIT
Repo
https://github.com/ccextractor/ccextractor
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
fd7271bae238ccb3ae8a71304ea64f0886324925

Affected versions

v0.*
v0.70
v0.71
v0.72
v0.73
v0.74
v0.75
v0.76
v0.77
v0.78
v0.79
v0.80
v0.81
v0.82
v0.83
v0.84
v0.85
v0.85b
v0.86
v0.87
v0.88
v0.89
v0.90
v0.91
v0.92
v0.93
v0.94
v0.96
v0.96.1
v0.96.2
v0.96.3
v0.96.4
v0.96.5

Database specific

vanir_signatures 
[
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2026-2245-2da52f3c",
        "target": {
            "file": "src/lib_ccx/mp4.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "268084206463964796024015378500305838941",
                "254774608404346571179725158523098331095",
                "181555103938976803185625693980704197134",
                "13895809837220784386125091335733592582"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/ccextractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f0886324925"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2026-2245-3dcf91e3",
        "target": {
            "file": "src/lib_ccx/ts_tables.c",
            "function": "parse_PMT"
        },
        "digest": {
            "length": 9778.0,
            "function_hash": "168783320918762457692703000749359075553"
        },
        "signature_version": "v1",
        "source": "https://github.com/ccextractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f0886324925"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2026-2245-6643399d",
        "target": {
            "file": "src/lib_ccx/mp4.c",
            "function": "processmp4"
        },
        "digest": {
            "length": 9048.0,
            "function_hash": "319390203887814197306087676168967181488"
        },
        "signature_version": "v1",
        "source": "https://github.com/ccextractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f0886324925"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2026-2245-a9c8aa4a",
        "target": {
            "file": "src/lib_ccx/ts_tables.c",
            "function": "parse_PAT"
        },
        "digest": {
            "length": 3574.0,
            "function_hash": "163437826467338751066847268261177864261"
        },
        "signature_version": "v1",
        "source": "https://github.com/ccextractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f0886324925"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2026-2245-bb458d24",
        "target": {
            "file": "src/lib_ccx/ts_tables.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "262233263044280559635643805212158708491",
                "186397457794567455341493973677993329934",
                "144833588488660765080911707542795417449",
                "222701608767875312846042142437623115307",
                "72091544595478024960231427334144362229",
                "274910035117258086469502219878236509258",
                "98069193800936354371588285816871594953",
                "287258658584949710030799267683252424354",
                "322249709969136488743348381363505130157",
                "133971348316274134195358327798707233385",
                "192690021554753830910145047033638215929",
                "165996735762037891307360703542698719073",
                "20631365143687003979010250023609770440",
                "299941716532484618942222197046988800391",
                "140964611875614036063826884500367932259",
                "216120134842979986078832162294962308555"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/ccextractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f0886324925"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2245.json"