CVE-2023-45510 in tsMuxerinfo

Summary

by MITRE • 10/25/2023

tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 02/10/2026

The vulnerability identified as CVE-2023-45510 affects tsMuxer version git-2539d07 and represents a critical memory management flaw that manifests as an alloc-dealloc-mismatch error. This type of vulnerability occurs when memory is allocated using one method but deallocated using a different incompatible method, creating a fundamental mismatch in the memory management system. The specific error pattern involves the use of operator new[] for memory allocation followed by operator delete for deallocation, which violates standard memory management protocols and can lead to undefined behavior.

This memory management error falls under the category of CWE-415 Double Free and CWE-416 Use After Free, though more specifically relates to improper memory deallocation patterns that can cause heap corruption. The flaw exists within the tsMuxer software which is a popular open-source tool used for muxing and demuxing multimedia files, particularly for creating transport streams from various video and audio formats. The software's handling of memory allocation and deallocation routines creates a condition where the application may attempt to free memory that was not allocated using the corresponding deallocation method, potentially leading to system instability or exploitation.

The operational impact of this vulnerability extends beyond simple memory corruption, as it can potentially enable attackers to execute arbitrary code or cause denial of service conditions within applications that utilize tsMuxer. When the memory management system encounters this mismatch, it may result in heap corruption that could be exploited through carefully crafted input files, particularly those processed by tsMuxer for muxing operations. The vulnerability is particularly concerning in environments where tsMuxer is used to process untrusted multimedia content, as an attacker could potentially craft malicious media files that trigger the memory management error during processing.

From an attack perspective, this vulnerability aligns with ATT&CK technique T1059.007 Command and Scripting Interpreter: JavaScript, though more specifically relates to memory corruption techniques that could be leveraged in software exploitation. The flaw creates an opportunity for attackers to manipulate the memory layout of the application, potentially leading to privilege escalation or complete system compromise. Mitigation strategies should focus on immediate code review and correction of the memory management routines, ensuring that all allocations using new[] are matched with corresponding deallocations using delete[], and similarly for new[] with delete[]. Additionally, implementing proper memory debugging tools and static analysis can help identify similar patterns in other parts of the codebase that may be susceptible to the same class of vulnerabilities.

Reservation

10/09/2023

Disclosure

10/25/2023

Moderation

accepted

CPE

ready

EPSS

0.00591

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!