4.8
CCExtractor: Local Attack Possible with Outdated Version
CVE-2026-2889
Summary
A use-after-free in the processmp4 function (src/lib_ccx/mp4.c) of CCExtractor versions up to 0.96.5 allows an attacker with local access to potentially cause system instability. To fix this, update CCExtractor to version 0.96.6.
Original title
A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is on...
Original description
A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 0.96.6 is able to address this issue. The patch is named fd7271bae238ccb3ae8a71304ea64f0886324925. You should upgrade the affected component.
nvd CVSS2.0
1.7
nvd CVSS3.1
3.3
nvd CVSS4.0
4.8
Vulnerability type
CWE-119
Buffer Overflow
CWE-416
Use After Free
- https://github.com/CCExtractor/ccextractor/issues/2055
- https://github.com/CCExtractor/ccextractor/pull/2057
- https://github.com/CCExtractor/ccextractor/
- https://github.com/CCExtractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f...
- https://github.com/CCExtractor/ccextractor/releases/tag/v0.96.6
- https://github.com/oneafter/0123/blob/main/cc3/repro
- https://vuldb.com/?ctiid.347182
- https://vuldb.com/?id.347182
- https://vuldb.com/?submit.755029
Published: 21 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026