CVE-2026-7740
Received Received - Intake
Denial of Service in tsMuxer via VvcVpsUnit::setFPS

Publication date: 2026-05-04

Last updated on: 2026-05-04

Assigner: VulDB

Description
A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id leads to denial of service. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-04
Last Modified
2026-05-04
Generated
2026-06-16
AI Q&A
2026-05-04
EPSS Evaluated
2026-06-14
NVD
CVE-2026-7740
EUVD
EUVD-2026-26923
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
justdan96 tsmuxer 2.7.0
justdan96 tsmuxer to 2.7.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the tsMuxer software, specifically in the function VvcVpsUnit::setFPS within the file tsMuxer/vvc.cpp. It involves improper handling of the argument track_id, which can cause the program to crash or abort unexpectedly, resulting in a denial of service. The issue arises when processing a VVC (Versatile Video Coding) stream that lacks a valid frames per second (FPS) value, leading to an assertion failure during the attempt to set a default FPS.

The vulnerability requires local access to exploit and affects only versions of tsMuxer up to 2.7.0, which are no longer supported by the maintainer.

Compliance Impact

The provided information does not include any details on how the vulnerability in justdan96 tsMuxer up to 2.7.0 affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

The primary impact of this vulnerability is a denial of service condition. An attacker with local access can cause the tsMuxer application to abort or crash by exploiting the improper handling of the track_id argument in the setFPS function. This disruption can prevent the normal operation of the software, potentially interrupting media processing tasks that rely on tsMuxer.

Detection Guidance

This vulnerability affects the function VvcVpsUnit::setFPS in the tsMuxer software up to version 2.7.0 and requires local access to exploit. Detection involves identifying the presence of the vulnerable tsMuxer version on your system.

Since the vulnerability triggers a denial of service via manipulation of the track_id argument in the vvc.cpp file, monitoring for crashes or aborts related to tsMuxer processes may indicate exploitation attempts.

You can check the installed version of tsMuxer by running commands like:

  • tsMuxer --version
  • strings $(which tsMuxer) | grep -i version

Additionally, monitoring system logs for tsMuxer crashes or abort messages related to vvc.cpp or assertion failures may help detect exploitation attempts.

Mitigation Strategies

Since the vulnerability requires local access and affects unsupported versions of tsMuxer up to 2.7.0, immediate mitigation steps include:

  • Avoid running vulnerable versions of tsMuxer on production or sensitive systems.
  • Restrict local access to systems running tsMuxer to trusted users only.
  • Monitor for abnormal tsMuxer process terminations or crashes that may indicate exploitation.
  • Since the project is no longer maintained and no patches are available, consider removing or replacing tsMuxer with alternative software that is actively supported.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7740. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart