CVE Catalog

CVE-2026-0128

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

In the RtcpFbPacket::decodeRtcpFbPacket function, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure without the need for additional execution privileges. User interaction is required for exploitation.

Risk Assessment

The organization is at risk of confidential data leakage through remote information disclosure, potentially compromising system integrity and confidentiality. The attack requires user interaction but no additional privileges.

Recommendation

Apply the patch provided by the software vendor containing the RtcpFbPacket component immediately. Until the update is applied, limit user interaction with untrusted data sources.

Original NVD description (English source)

In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS