Vulnerabilities ›

CVE-2026-2889

Low

A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only

CWE-119 — Weakness Type

                    Published: Feb 21, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

3.3

🔗 NVD Official

📄 Description (English)

A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 0.96.6 is able to address this issue. The patch is named fd7271bae238ccb3ae8a71304ea64f0886324925. You should upgrade the affected component.

🤖 AI Executive Summary

CCExtractor versions up to 0.96.5 contain a use-after-free vulnerability in the MP4 processing function that requires local access to exploit. Upgrading to version 0.96.6 resolves this issue.

📄 Description (Arabic)

تم اكتشاف ثغرة استخدام بعد التحرير في مكتبة CCExtractor في وظيفة معالجة ملفات MP4. تتطلب الثغرة وصول محلي فقط للاستغلال وقد تم الإفصاح عن الاستغلال علناً. يتوفر تصحيح في الإصدار 0.96.6.

🤖 ملخص تنفيذي (AI)

إصدارات CCExtractor حتى 0.96.5 تحتوي على ثغرة استخدام بعد التحرير في وظيفة معالجة MP4 التي تتطلب وصول محلي للاستغلال. يحل الترقية إلى الإصدار 0.96.6 هذه المشكلة.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 08:34

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

media broadcasting government

🎯 MITRE ATT&CK Techniques

T1190 T1068

⚖️ Saudi Risk Score (AI)

3.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade CCExtractor to version 0.96.6 or later. Apply patch fd7271bae238ccb3ae8a71304ea64f0886324925. Restrict local access to systems running vulnerable versions. Monitor for unauthorized local access attempts.

🔧 خطوات المعالجة (العربية)

قم بترقية CCExtractor فوراً إلى الإصدار 0.96.6 أو أحدث. طبق التصحيح fd7271bae238ccb3ae8a71304ea64f0886324925. قيد الوصول المحلي للأنظمة التي تعمل بالإصدارات الضعيفة. راقب محاولات الوصول المحلي غير المصرح به.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.IP-12

🟡 ISO 27001:2022

12.6.1 14.2.1

🔗 References & Sources 9

🔗

https://github.com/CCExtractor/ccextractor/

cna@vuldb.com

🔗

https://github.com/CCExtractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f0886324925

cna@vuldb.com

🔗

https://github.com/CCExtractor/ccextractor/issues/2055

cna@vuldb.com

🔗

https://github.com/CCExtractor/ccextractor/pull/2057

cna@vuldb.com

🔗

https://github.com/CCExtractor/ccextractor/releases/tag/v0.96.6

cna@vuldb.com

🔗

https://github.com/oneafter/0123/blob/main/cc3/repro

cna@vuldb.com

🔗

https://vuldb.com/?ctiid.347182

cna@vuldb.com

🔗

https://vuldb.com/?id.347182

cna@vuldb.com

🔗

https://vuldb.com/?submit.755029

cna@vuldb.com

📊 CVSS Score

3.3

/ 10.0 — Low

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityL — Low / Local

📋 Quick Facts

Severity Low

CVSS Score3.3

CWECWE-119

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-02-21

Source Feed nvd

🇸🇦 Saudi Risk Score

3.0

/ 10.0 — Saudi Risk

Priority: LOW

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-2889

💬 Comments

Introduce Yourself

Sign In Required