CVE-2021-26805: Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file. Bug: https://github.com/justdan96/tsMuxer/issues/395 Patch: https://github.com/justdan96/tsMuxer/commit/0821aa63151bf1d8312b5b1508e568148053ed38 No release yet, as far as I can tell.
CVE-2021-34067: Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. Patch: https://github.com/justdan96/tsMuxer/commit/d77ed5e8dc701f64ed5da317b896879e621de865 CVE-2021-34068: Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. Patch: https://github.com/justdan96/tsMuxer/commit/ea879f3b915baa4f9d145ce44229f7b3b1952c30 CVE-2021-34069: Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. Patch: https://github.com/justdan96/tsMuxer/commit/9070a9917f45bcada64a16be3b280d5147f9074d CVE-2021-34070: Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. Patch: https://github.com/justdan96/tsMuxer/commit/378377e9245549caf889988ca6c21807ec7f8873 CVE-2021-34071: Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
Package list is empty or all packages have requested keywords.
PR related: https://github.com/gentoo/gentoo/pull/14665. After merging it can be bumped to desired revision.
CVE-2021-35344: tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h. CVE-2021-35346: tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp.
CVE-2021-45860 (https://github.com/justdan96/tsMuxer/pull/511): An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file. CVE-2021-45861 (https://github.com/justdan96/tsMuxer/issues/478): There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277. CVE-2021-45863 (https://github.com/justdan96/tsMuxer/issues/509): tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp. CVE-2021-45864 (https://github.com/justdan96/tsMuxer/pull/480): tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp. Patches available and in nightly releases.
