CVE-2026-2889
📋 TL;DR
A use-after-free vulnerability in CCExtractor's processmp4 function allows local attackers to potentially execute arbitrary code or cause denial of service. This affects users of CCExtractor versions up to 0.96.5 who process MP4 files. The vulnerability requires local access to exploit.
💻 Affected Systems
- CCExtractor
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to full system compromise or arbitrary code execution with user privileges
Likely Case
Application crash or denial of service when processing malicious MP4 files
If Mitigated
No impact if proper access controls prevent local users from executing CCExtractor with malicious files
🎯 Exploit Status
Exploit requires local access and ability to feed malicious MP4 files to CCExtractor
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.96.6
Vendor Advisory: https://github.com/CCExtractor/ccextractor/releases/tag/v0.96.6
Restart Required: No
Instructions:
1. Download CCExtractor 0.96.6 from GitHub releases. 2. Replace existing installation with new version. 3. Verify installation with version check.
🔧 Temporary Workarounds
Restrict local user access
linuxLimit which users can execute CCExtractor to reduce attack surface
chmod 750 /usr/local/bin/ccextractor
setfacl -m u:trusteduser:rx /usr/local/bin/ccextractor
Monitor MP4 file processing
allImplement file integrity monitoring for MP4 files processed by CCExtractor
🧯 If You Can't Patch
- Restrict CCExtractor execution to trusted users only
- Implement application whitelisting to prevent unauthorized CCExtractor execution
🔍 How to Verify
Check if Vulnerable:
Check CCExtractor version: ccextractor --versionCheck Version:
ccextractor --versionVerify Fix Applied:
Verify version is 0.96.6 or higher: ccextractor --version | grep -q '0.96.[6-9]\|0.9[7-9]\|[1-9][0-9]'📡 Detection & Monitoring
Log Indicators:
- CCExtractor crash logs
- Segmentation fault errors in system logs when processing MP4 files
Network Indicators:
- None - local vulnerability only
SIEM Query:
process_name:"ccextractor" AND (event_type:"crash" OR error_message:"segmentation fault")🔗 References
- https://github.com/CCExtractor/ccextractor/
- https://github.com/CCExtractor/ccextractor/commit/fd7271bae238ccb3ae8a71304ea64f0886324925
- https://github.com/CCExtractor/ccextractor/issues/2055
- https://github.com/CCExtractor/ccextractor/pull/2057
- https://github.com/CCExtractor/ccextractor/releases/tag/v0.96.6
- https://github.com/oneafter/0123/blob/main/cc3/repro
- https://vuldb.com/?ctiid.347182
- https://vuldb.com/?id.347182
- https://vuldb.com/?submit.755029
