CVE-2026-1109

5.3 MEDIUM

📋 TL;DR

A buffer overflow exists in the rtsp_parse_request function of cijliu librtsp. A local attacker who can reach the vulnerable parser may crash the application or potentially execute arbitrary code. Systems using vulnerable versions of librtsp are affected, particularly those with local user access; exploitation requires local access.

💻 Affected Systems

Products:
  • cijliu librtsp
Versions: Up to commit 2ec1a81ad65280568a0c7c16420d7c10fde13b04 (rolling release, no specific version numbers)
Operating Systems: All operating systems running vulnerable librtsp
Default Config Vulnerable: ⚠️ Yes
Notes: The product uses rolling releases, making specific version tracking difficult. All installations up to the vulnerable commit are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation leading to full system compromise or arbitrary code execution with the privileges of the librtsp process.

🟠 Likely Case: Application crash (denial of service) or limited information disclosure due to the buffer overflow.

🟢 If Mitigated: Minimal impact if proper access controls and process isolation are implemented.

🌐 Internet-Facing: LOW - Exploitation requires local access, not remote.
🏢 Internal Only: MEDIUM - Local users could exploit this, but exploitation requires specific conditions and access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and specific conditions to trigger the buffer overflow. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor did not respond

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Check if librtsp is installed on your system.
2. Monitor the official repository for updates.
3. Consider alternative RTSP libraries if no patch is forthcoming.

🔧 Temporary Workarounds

Restrict local access (all platforms)

Limit local user access to systems running librtsp to reduce the attack surface.

Run with minimal privileges (linux)

Ensure librtsp processes run with the least privileges necessary.

sudo chown -R nonprivilegeduser:nonprivilegedgroup /path/to/librtsp

This command only changes ownership of the installation files; the librtsp process itself must also be started as that unprivileged account for the privilege reduction to take effect.

🧯 If You Can't Patch

  • Isolate systems running librtsp from other critical systems
  • Implement strict access controls and monitoring for local user activities

🔍 How to Verify

Check if Vulnerable:

Check if librtsp is installed and verify the commit hash is 2ec1a81ad65280568a0c7c16420d7c10fde13b04 or earlier.

Check Version:

git log --oneline -1 (if installed from source) or check package manager for version info

Verify Fix Applied:

Verify the librtsp installation has been updated to a commit after 2ec1a81ad65280568a0c7c16420d7c10fde13b04.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of librtsp processes
  • Unusual local process activity involving librtsp

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Process:Name='librtsp' AND EventType='Crash'
