CVE-2026-2889
CCExtractor mp4.c processmp4 use after free
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 0.96.6 is able to address this issue. The patch is named fd7271bae238ccb3ae8a71304ea64f0886324925. You should upgrade the affected component.
| CWE | CWE-416 CWE-119 |
| Vendor | n/a |
| Product | ccextractor |
| Published | Feb 21, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a ccextractor
Be the first to know when new low vulnerabilities affecting n/a ccextractor are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / CCExtractor
0.96.0 0.96.1 0.96.2 0.96.3 0.96.4 0.96.5
References
vuldb.com: https://vuldb.com/?id.347182 vuldb.com: https://vuldb.com/?ctiid.347182 vuldb.com: https://vuldb.com/?submit.755029 github.com: https://github.com/CCExtractor/ccextractor/issues/2055 github.com: https://github.com/CCExtractor/ccextractor/pull/2057 github.com: https://github.com/oneafter/0123/blob/main/cc3/repro github.com: https://github.com/CCExtractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f0886324925 github.com: https://github.com/CCExtractor/ccextractor/releases/tag/v0.96.6 github.com: https://github.com/CCExtractor/ccextractor/
Credits
๐ Oneafter (VulDB User)