CVE-2021-26805: Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file. Bug: https://github.com/justdan96/tsMuxer/issues/395 Patch: https://github.com/justdan96/tsMuxer/commit/0821aa63151bf1d8312b5b1508e568148053ed38 No release yet, as far as I can tell.
CVE-2021-34067: Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. Patch: https://github.com/justdan96/tsMuxer/commit/d77ed5e8dc701f64ed5da317b896879e621de865 CVE-2021-34068: Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. Patch: https://github.com/justdan96/tsMuxer/commit/ea879f3b915baa4f9d145ce44229f7b3b1952c30 CVE-2021-34069: Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. Patch: https://github.com/justdan96/tsMuxer/commit/9070a9917f45bcada64a16be3b280d5147f9074d CVE-2021-34070: Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. Patch: https://github.com/justdan96/tsMuxer/commit/378377e9245549caf889988ca6c21807ec7f8873 CVE-2021-34071: Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
Package list is empty or all packages have requested keywords.
PR related: https://github.com/gentoo/gentoo/pull/14665. After merging it can be bumped to desired revision.
CVE-2021-35344: tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h. CVE-2021-35346: tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp.
CVE-2021-45860 (https://github.com/justdan96/tsMuxer/pull/511): An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file. CVE-2021-45861 (https://github.com/justdan96/tsMuxer/issues/478): There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277. CVE-2021-45863 (https://github.com/justdan96/tsMuxer/issues/509): tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp. CVE-2021-45864 (https://github.com/justdan96/tsMuxer/pull/480): tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp. Patches available and in nightly releases.
Updated https://github.com/gentoo/gentoo/pull/14665 to latest commit to address these vulnerabilities
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3be5ebc85d013c7390db32d6fc5f10a88a127f30 commit 3be5ebc85d013c7390db32d6fc5f10a88a127f30 Author: Azamat H. Hackimov <azamat.hackimov@gmail.com> AuthorDate: 2020-02-15 08:19:44 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-01 17:45:18 +0000 media-video/tsmuxer: update to new version Updated to opensourced (license is Apache-2.0) version available at https://github.com/justdan96/tsMuxer Resolved multiple vulnerabilities (CVE-2021-26805, CVE-2021-34067, CVE-2021-34068, CVE-2021-34069, CVE-2021-34070, CVE-2021-34071, CVE-2021-35344, CVE-2021-35346, CVE-2021-45860, CVE-2021-45861, CVE-2021-45863, CVE-2021-45864) Closes: https://bugs.gentoo.org/691814 Bug: https://bugs.gentoo.org/783519 Package-Manager: Portage-2.3.84, Repoman-2.3.20 Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com> Signed-off-by: John Helmert III <ajak@gentoo.org> media-video/tsmuxer/Manifest | 1 + media-video/tsmuxer/metadata.xml | 3 ++ .../tsmuxer/tsmuxer-2.6.16_p20220706.ebuild | 40 ++++++++++++++++++++++ 3 files changed, 44 insertions(+)
And cleaned up in: commit e88ac3aeaa3200e608c55bb95d408e2da74790c8 Author: Azamat H. Hackimov <azamat.hackimov@gmail.com> Date: Wed Aug 31 22:40:24 2022 +0300 media-video/tsmuxer: drop 2.6.11-r1 Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/14665 Signed-off-by: John Helmert III <ajak@gentoo.org> delete mode 100644 media-video/tsmuxer/tsmuxer-2.6.11-r1.ebuild
