CVE-2026-2245 in CCExtractor
Summary
by MITRE • 02/09/2026
A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The name of the patch is fd7271bae238ccb3ae8a71304ea64f0886324925. It is best practice to apply a patch to resolve this issue.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 02/10/2026
The vulnerability CVE-2026-2245 represents a critical out-of-bounds read flaw within CCExtractor version 183 and earlier, specifically affecting the MPEG-TS File Parser component. This issue resides in the ts_tables.c source file at the parse_PAT/parse_PMT function implementation, where improper input validation allows malicious data manipulation to trigger memory access violations. The vulnerability specifically impacts the transport stream table parsing functionality that processes Program Association Tables and Program Map Tables, which are fundamental components of MPEG-2 Transport Stream format used extensively in broadcast television and digital media applications. The flaw stems from inadequate bounds checking when processing table entries, allowing attackers to craft specially formatted input that causes the parser to read memory beyond allocated buffer boundaries.
The technical exploitation of this vulnerability requires local environment access and leverages a publicly available exploit, making it particularly concerning for systems where untrusted input processing is performed. The out-of-bounds read condition occurs when the parser encounters malformed or crafted MPEG-TS files that contain unexpected table structures or invalid entry counts. This type of vulnerability falls under CWE-129, which specifically addresses insufficient validation of length of input buffers, and more broadly relates to CWE-787, which covers out-of-bounds write operations. The ATT&CK framework categorizes this under T1059.007 for Command and Scripting Interpreter - Python, as CCExtractor is commonly implemented in Python environments, and potentially T1203 for Exploitation for Client Execution when the vulnerability is exploited through media file processing.
The operational impact of this vulnerability extends beyond simple memory corruption, as it could potentially lead to denial of service conditions, information disclosure, or even remote code execution depending on the system environment and how the parser is integrated. Systems that process untrusted video files, particularly those involving broadcast television content or digital media workflows, face significant risk from this vulnerability. The patch identified by commit hash fd7271bae238ccb3ae8a71304ea64f0886324925 implements proper bounds checking and input validation measures that prevent the parser from accessing memory beyond allocated buffers. Organizations should prioritize patching this vulnerability as it affects core media processing functionality and represents a readily exploitable condition that could compromise system integrity. The local execution requirement does not mitigate the risk since attackers could potentially leverage other attack vectors to deliver malicious files to systems running CCExtractor, particularly in environments where automated media processing is performed on user-uploaded content or broadcast feeds.