CVE-2026-1110

low-risk

Published 2026-01-18

A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtsp_parse_method. This manipulation causes buffer overflow. It is possible to launch the attack on the local host. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Librtsp

Affected Vendors

Cijliu

References (4)

Exploit https://github.com/fizz-is-on-the-way/vuls_protocol/blob/main/librtsp_rtsp_parse...

Permissions Required https://vuldb.com/?ctiid.341702

Third Party Advisory https://vuldb.com/?id.341702

Third Party Advisory https://vuldb.com/?submit.732603

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal