CVE-2026-1108
Buffer Overflow in cijliu librtsp rtsp_rely_dumps Function

Publication date: 2026-01-18

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The affected element is the function rtsp_rely_dumps. The manipulation leads to a buffer overflow. The attack requires local access. This product uses a rolling release to provide continuous delivery, so no version details for affected or updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-01-18
Last Modified: 2026-04-29
Generated: 2026-05-27
AI Q&A: 2026-01-18
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Vendor | Product | Version / Range
cijliu | librtsp | to 2021-03-14 (inc)
CWE ID | Description
CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-1108 is a buffer overflow vulnerability in the cijliu librtsp library, specifically in the function rtsp_rely_dumps. The function copies an input buffer to an output buffer without checking if the input size fits, which can cause a buffer overflow. This flaw requires local access to exploit and can compromise the system's confidentiality, integrity, and availability. [2, 3]


How can this vulnerability impact me?

This vulnerability can impact you by allowing an attacker with local access to cause a buffer overflow, potentially compromising the confidentiality, integrity, and availability of your system. It can lead to system crashes or unauthorized access to sensitive information. The vulnerability is considered moderately severe and easy to exploit locally. [2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is a local buffer overflow in the function rtsp_rely_dumps of the cijliu librtsp library. Detection would require checking if the affected librtsp version (up to commit 2ec1a81ad65280568a0c7c16420d7c10fde13b04) is present on the system. Since exploitation requires local access and involves buffer overflow, network detection is unlikely. No specific detection commands or signatures are provided. It is suggested to review the library version and monitor for local suspicious activity related to librtsp usage. [2, 3]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include replacing the affected librtsp library with an alternative product, as no patches or fixed versions are available due to the rolling release model and lack of vendor response. Additionally, restrict local access to trusted users only to prevent exploitation, and monitor systems for unusual local activity involving librtsp. Since no known mitigations or countermeasures have been published, limiting local privileges and access is critical. [2]

