CVE-2026-0147
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk18th percentile - higher than 18% of all known CVEs
Summary
In the function __mfc_core_nal_q_get_dec_metadata_sei_nal in the file mfc_core_nal_q.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.
Risk Assessment
This vulnerability poses a serious risk to organizations as it allows for remote code execution without user interaction, potentially leading to system compromise.
Recommendation
It is recommended to update the software to mitigate this vulnerability and implement additional security measures to minimize risk.
Original NVD description (English source)
In __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

