{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2245", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-09T12:10:11.207Z", "datePublished": "2026-02-09T19:02:10.417Z", "dateUpdated": "2026-02-23T10:00:52.166Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:00:52.166Z"}, "title": "CCExtractor MPEG-TS File ts_tables.c parse_PMT out-of-bounds", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "CCExtractor", "versions": [{"version": "183", "status": "affected"}], "modules": ["MPEG-TS File Parser"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The name of the patch is fd7271bae238ccb3ae8a71304ea64f0886324925. It is best practice to apply a patch to resolve this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-09T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-09T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-10T13:41:59.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Oneafter (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.344991", "name": "VDB-344991 | CCExtractor MPEG-TS File ts_tables.c parse_PMT out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344991", "name": "VDB-344991 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.753159", "name": "Submit #753159 | CCExtractor ccextractor c65fb08 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.753160", "name": "Submit #753160 | CCExtractor ccextractor c65fb08 Heap-based Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/CCExtractor/ccextractor/issues/2053", "tags": ["issue-tracking"]}, {"url": "https://github.com/CCExtractor/ccextractor/pull/2057", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/0123/blob/main/cc1/repro", "tags": ["exploit"]}, {"url": "https://github.com/CCExtractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f0886324925", "tags": ["patch"]}, {"url": "https://github.com/CCExtractor/ccextractor/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T20:03:57.209268Z", "id": "CVE-2026-2245", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T20:04:10.828Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2245", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-10T20:03:57.209268Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T20:04:06.793Z"}}], "cna": {"tags": ["x_open-source"], "title": "CCExtractor MPEG-TS File ts_tables.c parse_PMT out-of-bounds", "credits": [{"lang": "en", "type": "reporter", "value": "Oneafter (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "n/a", "modules": ["MPEG-TS File Parser"], "product": "CCExtractor", "versions": [{"status": "affected", "version": "183"}]}], "timeline": [{"lang": "en", "time": "2026-02-09T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-09T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-10T13:41:59.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.344991", "name": "VDB-344991 | CCExtractor MPEG-TS File ts_tables.c parse_PMT out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344991", "name": "VDB-344991 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.753159", "name": "Submit #753159 | CCExtractor ccextractor c65fb08 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.753160", "name": "Submit #753160 | CCExtractor ccextractor c65fb08 Heap-based Buffer Overflow (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/CCExtractor/ccextractor/issues/2053", "tags": ["issue-tracking"]}, {"url": "https://github.com/CCExtractor/ccextractor/pull/2057", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/0123/blob/main/cc1/repro", "tags": ["exploit"]}, {"url": "https://github.com/CCExtractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f0886324925", "tags": ["patch"]}, {"url": "https://github.com/CCExtractor/ccextractor/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The name of the patch is fd7271bae238ccb3ae8a71304ea64f0886324925. It is best practice to apply a patch to resolve this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:00:52.166Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2245", "state": "PUBLISHED", "dateUpdated": "2026-02-23T10:00:52.166Z", "dateReserved": "2026-02-09T12:10:11.207Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-09T19:02:10.417Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The name of the patch is fd7271bae238ccb3ae8a71304ea64f0886324925. It is best practice to apply a patch to resolve this issue."}, {"lang": "es", "value": "Una vulnerabilidad fue identificada en CCExtractor hasta 183. Esto afecta la funci\u00f3n parse_PAT/parse_PMT en la biblioteca src/lib_ccx/ts_tables.c del componente MPEG-TS File Parser. Dicha manipulaci\u00f3n conduce a lectura fuera de l\u00edmites. El ataque solo puede realizarse desde un entorno local. El exploit est\u00e1 disponible p\u00fablicamente y podr\u00eda ser utilizado. El nombre del parche es fd7271bae238ccb3ae8a71304ea64f0886324925. Es una buena pr\u00e1ctica aplicar un parche para resolver este problema."}], "id": "CVE-2026-2245", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-09T20:15:59.270", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/CCExtractor/ccextractor/"}, {"source": "cna@vuldb.com", "url": "https://github.com/CCExtractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f0886324925"}, {"source": "cna@vuldb.com", "url": "https://github.com/CCExtractor/ccextractor/issues/2053"}, {"source": "cna@vuldb.com", "url": "https://github.com/CCExtractor/ccextractor/pull/2057"}, {"source": "cna@vuldb.com", "url": "https://github.com/oneafter/0123/blob/main/cc1/repro"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.344991"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.344991"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.753159"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.753160"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "183"}}], "product": "ccextractor", "vendor": "ccextractor"}], "analysis": {"en": {"generated_at": "2026-04-18T18:14:28.666367+00:00", "value": {"mitigation_remediation": ["Update CCExtractor to the patched version containing commit fd7271bae238ccb3ae8a71304ea64f0886324925 or later.", "If updating is not immediately possible, restrict execution of the CCExtractor binary to trusted users and prevent unauthenticated local users from providing custom MPEG\u2011TS inputs.", "Implement additional validation or size limits on input data to mitigate the effect of malformed tables before they reach the parsing logic."], "summary": {"action": "Patch", "impact": "Out-of-bounds read leading to potential information disclosure"}, "threat_synthesis": {"affected_systems": "CCExtractor versions up to 183 are affected, specifically the src/lib_ccx/ts_tables.c module that parses MPEG\u2011TS files. The vulnerability is present until the patch identified by commit fd7271bae238ccb3ae8a71304ea64f0886324925 is applied, after which the out-of-bounds read is resolved.", "description_and_impact": "The vulnerability resides in the parse_PAT and parse_PMT functions of CCExtractor\u2019s MPEG\u2011TS file parser, causing an out-of-bounds read when processing malformed program association and program map tables. Because the read occurs on data supplied from an MPEG\u2011TS source, an attacker could extract that memory, resulting in disclosure of sensitive information but not code execution or modification. The weakness aligns with CWE\u2011119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE\u2011125 (Out-of-bounds Read).", "risk_and_exploitability": "With a CVSS score of 4.8, the impact is moderate, and the EPSS score of less than 1% indicates a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, but the exploit code is publicly available and might be used. The attack vector is local; the attacker must supply a crafted MPEG\u2011TS file to the vulnerable process. While the attack cannot bypass local privilege restrictions, it can compromise confidentiality for the running user."}}}}, "created": "2026-02-10T15:37:32.767887+00:00", "updated": "2026-04-18T18:15:06.623496+00:00", "vendors": ["ccextractor", "ccextractor$PRODUCT$ccextractor"]}