CVE-2026-2245: Out-of-Bounds Read in CCExtractor
CVE-2026-2245 is a medium severity out-of-bounds read vulnerability in CCExtractor version 183 and earlier, specifically in the MPEG-TS file parser functions parse_PAT and parse_PMT. The flaw allows a local attacker with limited privileges to cause an out-of-bounds read by manipulating MPEG-TS data, potentially leading to information disclosure or application instability. Exploitation requires local access and no user interaction, with no known exploits in the wild currently. The vulnerability can be mitigated by applying the available patch identified by commit fd7271bae238ccb3ae8a71304ea64f0886324925. European organizations using CCExtractor for media processing should prioritize patching to prevent potential exploitation, especially in media companies or broadcasters handling MPEG-TS streams. Countries with significant media production and broadcasting infrastructure, such as Germany, France, and the UK, are more likely to be affected. The vulnerability’s medium severity reflects limited impact scope and exploitation complexity but still warrants timely remediation.
AI Analysis
Technical Summary
CVE-2026-2245 is an out-of-bounds read vulnerability found in CCExtractor up to version 183, specifically within the MPEG-TS file parser component. The vulnerability resides in the parse_PAT and parse_PMT functions located in src/lib_ccx/ts_tables.c. These functions parse MPEG Transport Stream (MPEG-TS) Program Association Table (PAT) and Program Map Table (PMT) data, which are critical for interpreting multiplexed media streams. Improper handling or manipulation of these tables can lead to reading memory outside the intended buffer boundaries, resulting in an out-of-bounds read condition. This flaw can be exploited by a local attacker with limited privileges (PR:L) without requiring user interaction or elevated authentication. The out-of-bounds read could potentially expose sensitive memory contents or cause application crashes, impacting confidentiality and availability. The vulnerability does not affect remote attack vectors and requires local access, which limits its exploitation scope. A patch has been released (commit fd7271bae238ccb3ae8a71304ea64f0886324925) that corrects the parsing logic to prevent out-of-bounds memory access. No known exploits are currently active in the wild, but the exploit code is publicly available, increasing the risk of future exploitation. The CVSS 4.0 base score is 4.8, categorized as medium severity, reflecting the limited attack vector and impact scope.
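As an added illustration of the length validation a PAT section parser needs (this is not CCExtractor's code and not the content of the patch commit), the following C function checks the declared section_length against the bytes actually available before walking the program loop. The function name, struct and sample bytes are constructed for this example, and CRC_32 is not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAT_MAX_PROGRAMS 16

struct pat_entry { uint16_t program_number; uint16_t pid; };

/* Constructed sample: one PAT section, program 1 -> PID 0x100.
 * The last four bytes stand in for CRC_32 and are not checked here. */
static const uint8_t SAMPLE_PAT[] = {
    0x00, 0xB0, 0x0D, 0x00, 0x01, 0xC1, 0x00, 0x00,
    0x00, 0x01, 0xE1, 0x00, 0xDE, 0xAD, 0xBE, 0xEF
};

/* Hypothetical helper: returns the number of entries written to out,
 * or -1 if the section is malformed or does not fit in buf[0..len). */
int parse_pat_checked(const uint8_t *buf, size_t len,
                      struct pat_entry *out, size_t max_out)
{
    if (len < 3 || buf[0] != 0x00)           /* table_id + length field */
        return -1;
    size_t section_length = ((size_t)(buf[1] & 0x0F) << 8) | buf[2];
    /* Counts the bytes after the length field: 5 header + loop + 4 CRC. */
    if (section_length < 9 || section_length > 1021)
        return -1;
    if (section_length > len - 3)            /* declared size exceeds input */
        return -1;
    size_t loop_bytes = section_length - 9;
    if (loop_bytes % 4 != 0 || loop_bytes / 4 > max_out)
        return -1;
    const uint8_t *p = buf + 8;              /* first program entry */
    for (size_t i = 0; i < loop_bytes / 4; i++, p += 4) {
        out[i].program_number = (uint16_t)((p[0] << 8) | p[1]);
        out[i].pid = (uint16_t)(((p[2] & 0x1F) << 8) | p[3]);
    }
    return (int)(loop_bytes / 4);
}

int main(void)
{
    struct pat_entry e[PAT_MAX_PROGRAMS];
    int n = parse_pat_checked(SAMPLE_PAT, sizeof SAMPLE_PAT, e, PAT_MAX_PROGRAMS);
    printf("full section: %d entries, program %u -> PID 0x%X\n",
           n, (unsigned)e[0].program_number, (unsigned)e[0].pid);
    /* Same bytes, but only 10 of the declared 16 are available. */
    printf("truncated:    %d\n",
           parse_pat_checked(SAMPLE_PAT, 10, e, PAT_MAX_PROGRAMS));
    return 0;
}
```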
Potential Impact
For European organizations, the primary impact of CVE-2026-2245 lies in potential information disclosure and application instability within media processing environments using CCExtractor. Media companies, broadcasters, and content distributors that rely on CCExtractor to parse MPEG-TS streams may face risks if local users or compromised accounts exploit this vulnerability. Although the attack requires local access, insider threats or attackers who gain limited system access could leverage this flaw to read sensitive memory areas or cause denial of service through crashes. This could disrupt media workflows, delay content delivery, or expose sensitive data processed in memory buffers. The impact on confidentiality and availability is moderate due to the local attack vector and lack of remote exploitation. However, given the critical role of media processing in broadcasting and content delivery networks, even localized disruptions can have operational and reputational consequences. Organizations in Europe with significant media infrastructure should assess their exposure and patch promptly to maintain service integrity and data confidentiality.
Mitigation Recommendations
To mitigate CVE-2026-2245, European organizations should:
1) Immediately apply the official patch identified by commit fd7271bae238ccb3ae8a71304ea64f0886324925 to all CCExtractor installations, ensuring the parsing functions for PAT and PMT are corrected.
2) Restrict local access to systems running CCExtractor to trusted users only, employing strict access controls and monitoring for suspicious activity.
3) Implement application whitelisting and endpoint detection to detect anomalous usage of CCExtractor binaries.
4) Regularly audit media processing environments for outdated CCExtractor versions and enforce timely updates.
5) Conduct internal training to raise awareness about the risks of local exploitation and insider threats in media processing workflows.
6) Consider sandboxing or isolating CCExtractor processes to limit the impact of potential memory corruption.
7) Monitor logs and system behavior for crashes or unusual memory access patterns that could indicate exploitation attempts.
These targeted measures go beyond generic patching by emphasizing access control, monitoring, and process isolation tailored to the media processing context.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-09T12:10:11.207Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 698a36084b57a58fa16ab20e
Added to database: 2/9/2026, 7:31:20 PM
Last enriched: 2/9/2026, 7:46:59 PM
Last updated: 2/9/2026, 8:31:42 PM