783519 – (CVE-2021-26805, CVE-2021-34067, CVE-2021-34068, CVE-2021-34069, CVE-2021-34070, CVE-2021-34071, CVE-2021-35344, CVE-2021-35346, CVE-2021-45860, CVE-2021-45861, CVE-2021-45863, CVE-2021-45864) <media-video/tsmuxer-2.6.16_p20220706: multiple vulnerabilities

Bug 783519 (CVE-2021-26805, CVE-2021-34067, CVE-2021-34068, CVE-2021-34069, CVE-2021-34070, CVE-2021-34071, CVE-2021-35344, CVE-2021-35346, CVE-2021-45860, CVE-2021-45861, CVE-2021-45863, CVE-2021-45864) - <media-video/tsmuxer-2.6.16_p20220706: multiple vulnerabilities

Summary: <media-video/tsmuxer-2.6.16_p20220706: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2021-26805, CVE-2021-34067, CVE-2021-34068, CVE-2021-34069, CVE-2021-34070, CVE-2021-34071, CVE-2021-35344, CVE-2021-35346, CVE-2021-45860, CVE-2021-45861, CVE-2021-45863, CVE-2021-45864

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial
Assignee:	Gentoo Security

URL:	https://github.com/justdan96/tsMuxer/...
Whiteboard:	~3 [noglsa]
Keywords:	PullRequest

Depends on:
Blocks:

Reported:	2021-04-17 23:48 UTC by John Helmert III
Modified:	2022-09-01 17:49 UTC (History)
CC List:	1 user (show)

See Also:	https://github.com/gentoo/gentoo/pull/14665
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2021-04-17 23:48:28 UTC

CVE-2021-26805:

Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file.

Bug: https://github.com/justdan96/tsMuxer/issues/395
Patch: https://github.com/justdan96/tsMuxer/commit/0821aa63151bf1d8312b5b1508e568148053ed38

No release yet, as far as I can tell.

Comment 1 John Helmert III archtester

2021-06-24 03:41:21 UTC

CVE-2021-34067:

Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.

Patch: https://github.com/justdan96/tsMuxer/commit/d77ed5e8dc701f64ed5da317b896879e621de865

CVE-2021-34068:

Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.

Patch: https://github.com/justdan96/tsMuxer/commit/ea879f3b915baa4f9d145ce44229f7b3b1952c30

CVE-2021-34069:

Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.

Patch: https://github.com/justdan96/tsMuxer/commit/9070a9917f45bcada64a16be3b280d5147f9074d

CVE-2021-34070:

Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.

Patch: https://github.com/justdan96/tsMuxer/commit/378377e9245549caf889988ca6c21807ec7f8873

CVE-2021-34071:

Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.

Comment 2 NATTkA bot gentoo-dev

2021-07-29 17:22:59 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 3 NATTkA bot gentoo-dev

2021-07-29 17:31:18 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 4 NATTkA bot gentoo-dev

2021-07-29 17:39:16 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 5 NATTkA bot gentoo-dev

2021-07-29 17:47:24 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 6 NATTkA bot gentoo-dev

2021-07-29 18:03:22 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 7 NATTkA bot gentoo-dev

2021-07-29 18:11:39 UTC

Package list is empty or all packages have requested keywords.

Comment 8 Azamat H. Hackimov 2021-11-01 11:30:39 UTC

PR related: https://github.com/gentoo/gentoo/pull/14665. After merging it can be bumped to desired revision.

Comment 9 John Helmert III archtester

2021-12-04 04:35:35 UTC

CVE-2021-35344:

tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h.

CVE-2021-35346:

tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp.

Comment 10 John Helmert III archtester

2022-03-02 02:02:02 UTC

CVE-2021-45860 (https://github.com/justdan96/tsMuxer/pull/511):

An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-2678966 allows attackers to cause a Denial of Service (DoS) via a crafted file.

CVE-2021-45861 (https://github.com/justdan96/tsMuxer/issues/478):

There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skipBits in /bitStream.h:132 of tsMuxer git-c6a0277.

CVE-2021-45863 (https://github.com/justdan96/tsMuxer/issues/509):

tsMuxer git-2678966 was discovered to contain a heap-based buffer overflow via the function HevcUnit::updateBits in hevc.cpp.

CVE-2021-45864 (https://github.com/justdan96/tsMuxer/pull/480):

tsMuxer git-c6a0277 was discovered to contain a segmentation fault via DTSStreamReader::findFrame in dtsStreamReader.cpp.

Patches available and in nightly releases.

Comment 11 Azamat H. Hackimov 2022-07-09 19:15:19 UTC

Updated https://github.com/gentoo/gentoo/pull/14665 to latest commit to address these vulnerabilities

Comment 12 Larry the Git Cow gentoo-dev

2022-09-01 17:46:31 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3be5ebc85d013c7390db32d6fc5f10a88a127f30

commit 3be5ebc85d013c7390db32d6fc5f10a88a127f30
Author:     Azamat H. Hackimov <azamat.hackimov@gmail.com>
AuthorDate: 2020-02-15 08:19:44 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-09-01 17:45:18 +0000

    media-video/tsmuxer: update to new version
    
    Updated to opensourced (license is Apache-2.0) version available at
    https://github.com/justdan96/tsMuxer
    Resolved multiple vulnerabilities (CVE-2021-26805, CVE-2021-34067,
    CVE-2021-34068, CVE-2021-34069, CVE-2021-34070, CVE-2021-34071,
    CVE-2021-35344, CVE-2021-35346, CVE-2021-45860, CVE-2021-45861,
    CVE-2021-45863, CVE-2021-45864)
    
    Closes: https://bugs.gentoo.org/691814
    Bug: https://bugs.gentoo.org/783519
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-video/tsmuxer/Manifest                       |  1 +
 media-video/tsmuxer/metadata.xml                   |  3 ++
 .../tsmuxer/tsmuxer-2.6.16_p20220706.ebuild        | 40 ++++++++++++++++++++++
 3 files changed, 44 insertions(+)

Comment 13 John Helmert III archtester

2022-09-01 17:49:23 UTC

And cleaned up in:

commit e88ac3aeaa3200e608c55bb95d408e2da74790c8
Author: Azamat H. Hackimov <azamat.hackimov@gmail.com>
Date:   Wed Aug 31 22:40:24 2022 +0300

    media-video/tsmuxer: drop 2.6.11-r1

    Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/14665
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 delete mode 100644 media-video/tsmuxer/tsmuxer-2.6.11-r1.ebuild