Critical Vulnerability Information

Title: CCExtractor ccextractor c65fb08 Memory Corruption

Description:
- We identified a segmentation fault in the ccextractor program. The crash occurred in the function when attempting to log a message using .
- ASAN reports indicate a SEGV caused by a READ memory access at address . This specific pattern ( ) typically indicates that the application is accessing memory that has been freed (Use-After-Free), uninitialized memory, or memory accessed via a dangling pointer, possibly passed to and then to .
- The vendor has confirmed and fixed this vulnerability. The fix is available in commit fd7271b.

Environment:
- OS: Linux x86_64
- Compiler: Clang
- Build Configuration: Release mode with ASan enabled

Vulnerability Details:
- Target: CCExtractor
- Vulnerability Type: CWE-416: Use After Free / CWE-457: Use of Uninitialized Memory
- Function: →
- Location:
- Root Cause Analysis: The crash occurred at line 902 in during a call to . Since acts as a wrapper for , the crash trace ends at , indicating that was parsing a format string (possibly containing ) and attempting to compute the length of the corresponding string argument.
- Register holds the value . In many debugging environments and sanitizers (such as ASAN with specific flags or certain allocators), is used to poison freed memory. This suggests that holds a pointer to an MP4 box, which was not properly handled or freed at some point during execution.
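
The defensive pattern for the bug class described above, as an added example that is neither CCExtractor's code nor the fix in commit fd7271b: zero-initialize the box on allocation, clear the owner's pointer on free, and validate the string before it reaches a printf-style logging wrapper. The names `struct box`, `log_msg`, `box_new`, `box_free` and `log_box` and the sample value "moov" are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parsed MP4 box; not CCExtractor's own type. */
struct box { char *name; };

/* Hypothetical printf-style logging wrapper that formats into out. */
static int log_msg(char *out, size_t cap, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap); /* "%s" measures its string argument */
    va_end(ap);
    return n;
}

/* calloc zeroes the struct, so name is never an indeterminate pointer. */
static struct box *box_new(const char *name) {
    struct box *b = calloc(1, sizeof *b);
    if (b && name) {
        b->name = malloc(strlen(name) + 1);
        if (b->name) strcpy(b->name, name);
    }
    return b;
}

/* Release the box and clear the caller's pointer so it cannot dangle. */
static void box_free(struct box **bp) {
    if (!bp || !*bp) return;
    free((*bp)->name);
    free(*bp);
    *bp = NULL;
}

/* Log a box name without ever handing NULL or freed memory to "%s". */
static int log_box(char *out, size_t cap, const struct box *b) {
    return log_msg(out, cap, "box: %s", (b && b->name) ? b->name : "<none>");
}

int main(void) {
    char line[64];
    struct box *b = box_new("moov"); /* constructed sample value */
    log_box(line, sizeof line, b); puts(line);
    box_free(&b);                  /* b is NULL from here on */
    log_box(line, sizeof line, b); puts(line);
}
```

Clearing the pointer only protects the copy passed to `box_free`; any other alias of the same box still has to be tracked or cleared by its owner.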