Description
A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id leads to denial of service. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-05-04
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the setFPS function of tsMuxer’s vvc.cpp module. Manipulating the track_id argument can trigger a denial of service by causing the application to terminate unexpectedly. The defect is categorized as CWE-404, a missing error handling error.

Affected Systems

Justdan96 tsMuxer versions up to 2.7.0 are affected. These releases are no longer maintained or supported by the developer. No newer supported versions have been confirmed to contain a fix.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. It requires local access to the host; an attacker must be able to execute code on the system to exploit it. While local exploitation limits the potential impact to the affected machine, the denial of service can disrupt services relying on tsMuxer.

Generated by OpenCVE AI on May 4, 2026 at 07:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Discontinue use of tsMuxer on unsupported versions
  • Upgrade to a supported or alternative product if one exists
  • Restrict local execution privileges for tsMuxer and monitor for repeated failures

Generated by OpenCVE AI on May 4, 2026 at 07:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 04 May 2026 06:45:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id leads to denial of service. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Title justdan96 tsMuxer vvc.cpp setFPS denial of service
First Time appeared Justdan96
Justdan96 tsmuxer
Weaknesses CWE-404
CPEs cpe:2.3:a:justdan96:tsmuxer:*:*:*:*:*:*:*:*
Vendors & Products Justdan96
Justdan96 tsmuxer
References
Metrics cvssV2_0

{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Justdan96 Tsmuxer
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-04T17:49:51.273Z

Reserved: 2026-05-03T17:13:35.825Z

Link: CVE-2026-7740

cve-icon Vulnrichment

Updated: 2026-05-04T16:44:05.219Z

cve-icon NVD

Status : Deferred

Published: 2026-05-04T07:16:02.257

Modified: 2026-05-04T15:17:58.710

Link: CVE-2026-7740

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T07:45:05Z

Weaknesses