CVE-2026-0128
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
In the RtcpFbPacket::decodeRtcpFbPacket function, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure without the need for additional execution privileges. User interaction is required for exploitation.
Risk Assessment
The organization is at risk of confidential data leakage through remote information disclosure, potentially compromising system integrity and confidentiality. The attack requires user interaction but no additional privileges.
Recommendation
Apply the patch provided by the software vendor containing the RtcpFbPacket component immediately. Until the update is applied, limit user interaction with untrusted data sources.
Original NVD description (English source)
In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

