CVE-2026-7740
Denial of Service in tsMuxer via VvcVpsUnit::setFPS
Publication date: 2026-05-04
Last updated on: 2026-05-04
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| justdan96 | tsmuxer | 2.7.0 |
| justdan96 | tsmuxer | to 2.7.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the tsMuxer software, specifically in the function VvcVpsUnit::setFPS within the file tsMuxer/vvc.cpp. It involves improper handling of the argument track_id, which can cause the program to crash or abort unexpectedly, resulting in a denial of service. The issue arises when processing a VVC (Versatile Video Coding) stream that lacks a valid frames per second (FPS) value, leading to an assertion failure during the attempt to set a default FPS.
The vulnerability requires local access to exploit and affects only versions of tsMuxer up to 2.7.0, which are no longer supported by the maintainer.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial of service condition. An attacker with local access can cause the tsMuxer application to abort or crash by exploiting the improper handling of the track_id argument in the setFPS function. This disruption can prevent the normal operation of the software, potentially interrupting media processing tasks that rely on tsMuxer.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the function VvcVpsUnit::setFPS in the tsMuxer software up to version 2.7.0 and requires local access to exploit. Detection involves identifying the presence of the vulnerable tsMuxer version on your system.
Since the vulnerability triggers a denial of service via manipulation of the track_id argument in the vvc.cpp file, monitoring for crashes or aborts related to tsMuxer processes may indicate exploitation attempts.
You can check the installed version of tsMuxer by running commands like:
- tsMuxer --version
- strings $(which tsMuxer) | grep -i version
Additionally, monitoring system logs for tsMuxer crashes or abort messages related to vvc.cpp or assertion failures may help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Since the vulnerability requires local access and affects unsupported versions of tsMuxer up to 2.7.0, immediate mitigation steps include:
- Avoid running vulnerable versions of tsMuxer on production or sensitive systems.
- Restrict local access to systems running tsMuxer to trusted users only.
- Monitor for abnormal tsMuxer process terminations or crashes that may indicate exploitation.
- Since the project is no longer maintained and no patches are available, consider removing or replacing tsMuxer with alternative software that is actively supported.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not include any details on how the vulnerability in justdan96 tsMuxer up to 2.7.0 affects compliance with common standards and regulations such as GDPR or HIPAA.