Suggestions search

All statuses

Filter by:

With package: ccextractor

Found 2 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-2889

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months ago Activity log

Created suggestion 2 months ago

CCExtractor mp4.c processmp4 use after free

A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 0.96.6 is able to address this issue. The patch is named fd7271bae238ccb3ae8a71304ea64f0886324925. You should upgrade the affected component.

References

VDB-347182 | CCExtractor mp4.c processmp4 use after free vdb-entrytechnical-description
VDB-347182 | CTI Indicators (IOB, IOC, IOA) permissions-requiredsignature
Submit #755029 | CCExtractor ccextractor c65fb08 Memory Corruption third-party-advisory
https://github.com/CCExtractor/ccextractor/issues/2055 issue-tracking
https://github.com/CCExtractor/ccextractor/pull/2057 issue-tracking
https://github.com/oneafter/0123/blob/main/cc3/repro exploit
https://github.com/CCExtractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64… patch
https://github.com/CCExtractor/ccextractor/releases/tag/v0.96.6 patch
https://github.com/CCExtractor/ccextractor/ product

Affected products

CCExtractor

==0.96.5
==0.96.4
==0.96.3
==0.96.2
==0.96.6
==0.96.0
==0.96.1

Matching in nixpkgs

pkgs.ccextractor

Tool that produces subtitles from closed caption data in videos

nixos-unstable 0.94-unstable-2025-05-20
- nixpkgs-unstable 0.94-unstable-2025-05-20
- nixos-unstable-small 0.94-unstable-2025-05-20
nixos-25.11 0.94-unstable-2025-05-20
- nixos-25.11-small 0.94-unstable-2025-05-20
- nixpkgs-25.11-darwin 0.94-unstable-2025-05-20

Package maintainers

@emilazy Emily <nixpkgs@emily.moe>

Untriaged

Permalink CVE-2026-2245

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

CCExtractor MPEG-TS File ts_tables.c parse_PMT out-of-bounds

A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The name of the patch is fd7271bae238ccb3ae8a71304ea64f0886324925. It is best practice to apply a patch to resolve this issue.

References

VDB-344991 | CCExtractor MPEG-TS File ts_tables.c parse_PMT out-of-bounds vdb-entrytechnical-description
VDB-344991 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #753159 | CCExtractor ccextractor c65fb08 Heap-based Buffer Overflow third-party-advisory
Submit #753160 | CCExtractor ccextractor c65fb08 Heap-based Buffer Overflow (Duplicate) third-party-advisory
https://github.com/CCExtractor/ccextractor/issues/2053 issue-tracking
https://github.com/CCExtractor/ccextractor/pull/2057 issue-tracking
https://github.com/oneafter/0123/blob/main/cc1/repro exploit
https://github.com/CCExtractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64… patch
https://github.com/CCExtractor/ccextractor/ product

Affected products

CCExtractor

==183

Matching in nixpkgs

pkgs.ccextractor

Tool that produces subtitles from closed caption data in videos

nixos-unstable 0.94-unstable-2025-05-20
- nixpkgs-unstable 0.94-unstable-2025-05-20
- nixos-unstable-small 0.94-unstable-2025-05-20
nixos-25.11 0.94-unstable-2025-05-20
- nixpkgs-25.11-darwin 0.94-unstable-2025-05-20

Package maintainers

@emilazy Emily <nixpkgs@emily.moe>