Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 783519 (CVE-2021-26805, CVE-2021-34067, CVE-2021-34068, CVE-2021-34069, CVE-2021-34070, CVE-2021-34071, CVE-2021-35344, CVE-2021-35346, CVE-2021-45860, CVE-2021-45861, CVE-2021-45863, CVE-2021-45864) - media-video/tsmuxer: multiple vulnerabilities
Summary: media-video/tsmuxer: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2021-26805, CVE-2021-34067, CVE-2021-34068, CVE-2021-34069, CVE-2021-34070, CVE-2021-34071, CVE-2021-35344, CVE-2021-35346, CVE-2021-45860, CVE-2021-45861, CVE-2021-45863, CVE-2021-45864
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://github.com/justdan96/tsMuxer/...
Whiteboard: ~3 [upstream/ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-17 23:48 UTC by John Helmert III
Modified: 2022-03-02 02:02 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-04-17 23:48:28 UTC
CVE-2021-26805:

Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file.

Bug: https://github.com/justdan96/tsMuxer/issues/395
Patch: https://github.com/justdan96/tsMuxer/commit/0821aa63151bf1d8312b5b1508e568148053ed38

No release yet, as far as I can tell.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-06-24 03:41:21 UTC
CVE-2021-34067:

Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.

Patch: https://github.com/justdan96/tsMuxer/commit/d77ed5e8dc701f64ed5da317b896879e621de865

CVE-2021-34068:

Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.

Patch: https://github.com/justdan96/tsMuxer/commit/ea879f3b915baa4f9d145ce44229f7b3b1952c30

CVE-2021-34069:

Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.

Patch: https://github.com/justdan96/tsMuxer/commit/9070a9917f45bcada64a16be3b280d5147f9074d

CVE-2021-34070:

Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.

Patch: https://github.com/justdan96/tsMuxer/commit/378377e9245549caf889988ca6c21807ec7f8873

CVE-2021-34071:

Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
Comment 2 NATTkA bot gentoo-dev 2021-07-29 17:22:59 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:31:18 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:39:16 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 17:47:24 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 18:03:22 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 18:11:39 UTC
Package list is empty or all packages have requested keywords.
Comment 8 Azamat H. Hackimov 2021-11-01 11:30:39 UTC
PR related: https://github.com/gentoo/gentoo/pull/14665. After merging it can be bumped to desired revision.
Comment 9 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-04 04:35:35 UTC
CVE-2021-35344:

tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h.

CVE-2021-35346:

tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp.
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-02 02:02:02 UTC
CVE-2021-45860 (https://github.com/justdan96/tsMuxer/pull/511):

An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file.

CVE-2021-45861 (https://github.com/justdan96/tsMuxer/issues/478):

There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277.

CVE-2021-45863 (https://github.com/justdan96/tsMuxer/issues/509):

tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp.

CVE-2021-45864 (https://github.com/justdan96/tsMuxer/pull/480):

tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp.

Patches available and in nightly releases.