CVE-2026-2245 is a vulnerability found in CCExtractor, a tool widely used for extracting closed captions from MPEG transport streams. The issue resides in the MPEG-TS file parser component, specifically within the parse_PAT and parse_PMT functions in the source file src/lib_ccx/ts_tables.c. These functions handle parsing of Program Association Table (PAT) and Program Map Table (PMT) data structures, which are critical for interpreting MPEG transport streams. The vulnerability manifests as an out-of-bounds read due to improper bounds checking when parsing manipulated MPEG-TS data. This can cause the application to read memory beyond the intended buffer, potentially leading to information leakage or application crashes. Exploitation requires local access with limited privileges (PR:L), no user interaction (UI:N), and no authentication (AT:N). The CVSS 4.0 vector indicates a medium severity (4.8), reflecting limited impact and exploitation scope. The vulnerability was publicly disclosed on February 9, 2026, and a patch is available under commit fd7271bae238ccb3ae8a71304ea64f0886324925. No known exploits in the wild have been reported, but a public exploit exists, increasing the risk of local attacks. This vulnerability primarily affects environments where CCExtractor is used to process MPEG-TS files locally, such as media production, broadcasting, and archival systems.

The primary impact of CVE-2026-2245 is the potential for an attacker with local access to cause an out-of-bounds read in CCExtractor, which may lead to information disclosure or application instability including crashes. While the vulnerability does not allow remote exploitation or privilege escalation, it can be leveraged by malicious insiders or attackers who have gained limited local access to sensitive media processing systems. This could result in leakage of sensitive data processed by CCExtractor or denial of service conditions affecting media workflows. Organizations relying on CCExtractor for closed caption extraction in broadcast or media environments may experience operational disruptions or data exposure if the vulnerability is exploited. The medium severity rating reflects the limited attack vector and scope but does not diminish the importance of patching in environments where local access cannot be fully controlled.

To mitigate CVE-2026-2245, organizations should immediately apply the official patch identified by commit fd7271bae238ccb3ae8a71304ea64f0886324925 to all affected CCExtractor installations (version 183 and earlier). Additionally, restrict local access to systems running CCExtractor by enforcing strict access controls and monitoring for unauthorized local user activity. Employ application whitelisting and integrity monitoring to detect unauthorized modifications or exploit attempts. Regularly audit and update media processing environments to ensure they run supported and patched software versions. Consider sandboxing or isolating CCExtractor processes to limit the impact of potential exploitation. Finally, educate local users and administrators about the risks of executing untrusted MPEG-TS files and the importance of applying security updates promptly.