Primary

Context

justdan96 tsMuxer Denial-of-Service Vulnerability in HevcVpsUnit::setFPS Function

Vulnerability

A denial-of-service vulnerability has been identified in justdan96 tsMuxer versions prior to 2.7.0. The issue arises in the HevcVpsUnit::setFPS function within hevc.cpp, where improper handling of the track_id argument leads to an assertion failure. This vulnerability requires local access to exploit and affects an unsupported version of the software.

Impact

Exploitation of this vulnerability causes an assertion failure, leading to a crash of the tsMuxer application.

Reproduction

The vulnerability can be reproduced by compiling tsMuxer with AddressSanitizer enabled, using Clang as the compiler. After building the application, it can be run with a proof-of-concept file that triggers the vulnerability.

Added: May 4, 2026, 7:20 AM

Updated: May 4, 2026, 7:20 AM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

0.6

exploitability

4.6

remediation

0.0

relevance

7.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

0.6

exploitability

4.6

remediation

0.0

relevance

7.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

justdan96 tsMuxer Denial-of-Service Vulnerability in HevcVpsUnit::setFPS Function

Vulnerability

Impact

Reproduction

Affected Products

justdan96 tsMuxer

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating