ByteOS Network

CVE Vulnerability Details :

CVE-2026-2889

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-21 Feb, 2026 | 22:02

Updated At-23 Feb, 2026 | 19:29

▼CVE Numbering Authority (CNA)

CCExtractor mp4.c processmp4 use after free

A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 0.96.6 is able to address this issue. The patch is named fd7271bae238ccb3ae8a71304ea64f0886324925. You should upgrade the affected component.

Affected Products

Vendor

n/a

Product

CCExtractor

Versions

Affected

0.96.0
0.96.1
0.96.2
0.96.3
0.96.4
0.96.5

Unaffected

0.96.6

Problem Types

Type	CWE ID	Description
CWE	CWE-416	Use After Free
CWE	CWE-119	Memory Corruption

Type: CWE

CWE ID: CWE-416

Description: Use After Free

Type: CWE

CWE ID: CWE-119

Description: Memory Corruption

Metrics

Version	Base score	Base severity	Vector
4.0	4.8	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3.1	3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3.0	3.3	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2.0	1.7	N/A	AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Version: 4.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Version: 3.0

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Version: 2.0

Base score: 1.7

Base severity: N/A

Vector:

AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Credits

reporter

Oneafter (VulDB User)

Timeline

Event	Date
Advisory disclosed	2026-02-20 00:00:00
VulDB entry created	2026-02-20 01:00:00
VulDB entry last update	2026-02-20 18:20:15

Event: Advisory disclosed

Date: 2026-02-20 00:00:00

Event: VulDB entry created

Date: 2026-02-20 01:00:00

Event: VulDB entry last update

Date: 2026-02-20 18:20:15

References

Hyperlink	Resource
https://vuldb.com/?id.347182	vdb-entry technical-description
https://vuldb.com/?ctiid.347182	signature permissions-required
https://vuldb.com/?submit.755029	third-party-advisory
https://github.com/CCExtractor/ccextractor/issues/2055	issue-tracking
https://github.com/CCExtractor/ccextractor/pull/2057	issue-tracking
https://github.com/oneafter/0123/blob/main/cc3/repro	exploit
https://github.com/CCExtractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f0886324925	patch
https://github.com/CCExtractor/ccextractor/releases/tag/v0.96.6	patch
https://github.com/CCExtractor/ccextractor/	product

Hyperlink: https://vuldb.com/?id.347182

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.347182

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.755029

Resource:

third-party-advisory

Hyperlink: https://github.com/CCExtractor/ccextractor/issues/2055

Resource:

issue-tracking

Hyperlink: https://github.com/CCExtractor/ccextractor/pull/2057

Resource:

issue-tracking

Hyperlink: https://github.com/oneafter/0123/blob/main/cc3/repro

Resource:

exploit

Hyperlink: https://github.com/CCExtractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f0886324925

Resource:

patch

Hyperlink: https://github.com/CCExtractor/ccextractor/releases/tag/v0.96.6

Resource:

patch

Hyperlink: https://github.com/CCExtractor/ccextractor/

Resource:

product

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References