Description
A vulnerability was detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The impacted element is the function rtsp_parse_request. The manipulation results in buffer overflow. Attacking locally is a requirement. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-01-18
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Buffer Overflow leading to potential code execution
Action: Assess Impact
AI Analysis

Impact

The vulnerability occurs in the rtsp_parse_request function of the cijliu librtsp library, specifically due to a buffer overflow that can be triggered by crafted input. If an attacker can supply malicious data to this function while having local access, the overflow could overwrite adjacent memory, potentially enabling execution of arbitrary code. This represents a classic out‑of‑bounds write flaw (CWE‑119) that, if exploited, compromises the integrity of the affected process. No remote exploits are described; the attack requires local privilege to supply the malicious payload.

Affected Systems

The affected product is the cijliu librtsp library with all upstream releases up to the identified commit 2ec1a81ad65280568a0c7c16420d7c10fde13b04. No specific version numbers are provided, as the vendor follows a rolling release model and has not published a fix. All systems running uninterrupted instances of librtsp during the vulnerability window are potentially exposed.

Risk and Exploitability

The CVSS base score is 4.8, reflecting a moderate severity when combined with the local attack surface. The EPSS score of less than 1% indicates a very low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog, suggesting it has not been observed in the wild. Exploitation requires local access, which limits the attack surface but does not eliminate risk, especially in multi‑user environments where privilege escalation is possible. Until an official patch is released, users should consider tightening local access controls and monitoring for anomalous activity.

Generated by OpenCVE AI on April 18, 2026 at 05:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict local access to the systems running librtsp, limiting use to trusted users or groups.
  • Monitor the processes that use rtsp_parse_request for signs of abnormal memory usage or crashes.
  • Once a vendor patch or updated release is available, update the library immediately.



Advisories

No advisories yet.

History

Tue, 17 Feb 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | | cpe:2.3:a:cijliu:librtsp:*:*:*:*:*:*:*:* |

Tue, 20 Jan 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics: ssvc | | {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Mon, 19 Jan 2026 09:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Cijliu; Cijliu librtsp |
| Vendors & Products | | Cijliu; Cijliu librtsp |

Sun, 18 Jan 2026 03:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The impacted element is the function rtsp_parse_request. The manipulation results in buffer overflow. Attacking locally is a requirement. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. |
| Title | | cijliu librtsp rtsp_parse_request buffer overflow |
| Weaknesses | | CWE-119; CWE-120 |
| References | | |
| Metrics: cvssV2_0 | | {'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'} |
| Metrics: cvssV3_0 | | {'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'} |
| Metrics: cvssV3_1 | | {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'} |
| Metrics: cvssV4_0 | | {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T08:35:50.506Z

Reserved: 2026-01-17T08:49:18.470Z

Link: CVE-2026-1109

Vulnrichment

Updated: 2026-01-20T17:10:07.708Z

NVD

Status: Analyzed

Published: 2026-01-18T04:15:59.613

Modified: 2026-02-17T18:34:19.773

Link: CVE-2026-1109

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T05:45:38Z

Weaknesses