DEBIAN-CVE-2026-2889

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-2889

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-2889.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-2889

Upstream

CVE-2026-2889

Published

2026-02-21T22:15:59.353Z

Modified

2026-02-22T11:15:37.237010Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 0.96.6 is able to address this issue. The patch is named fd7271bae238ccb3ae8a71304ea64f0886324925. You should upgrade the affected component.

References

https://security-tracker.debian.org/tracker/CVE-2026-2889

Affected packages

Debian:11 / ccextractor

Package

Name: ccextractor
Purl: pkg:deb/debian/ccextractor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.88+ds1-1

0.93+ds1-1

0.93+ds2-1

0.93+ds2-2

0.94+ds1-1

0.94+ds1-2

0.94+ds1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-2889.json"