CVE-2024-52613 is a heap-based buffer under-read vulnerability found in the tsMuxer multimedia tool, specifically in the nightly build dated 2024-05-12. The flaw arises when tsMuxer processes a crafted MOV video file, leading to reading memory before the allocated buffer boundary. This out-of-bounds read can cause the application to crash, resulting in a Denial of Service (DoS) condition. The vulnerability is classified under CWE-125, which involves accessing memory outside the intended buffer limits. The CVSS 3.1 base score is 5.5, indicating medium severity, with an attack vector of local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is unchanged (S:U), and the impact is limited to availability (A:H), with no confidentiality or integrity impact. No patches or fixes have been published yet, and no active exploitation has been reported. The vulnerability primarily affects users running the specified nightly build of tsMuxer, a tool used for multiplexing video streams, especially when processing MOV files from untrusted sources.

The primary impact of CVE-2024-52613 is a Denial of Service caused by application crashes when processing malicious MOV files. For organizations relying on tsMuxer for video multiplexing or processing workflows, this could disrupt media pipelines, delay content production, or cause service outages. Although the vulnerability does not compromise data confidentiality or integrity, repeated crashes could lead to operational downtime and increased support costs. Attackers with local access or the ability to trick users into opening crafted MOV files can exploit this flaw. This risk is particularly relevant for media companies, broadcasters, and any organization integrating tsMuxer into automated video processing systems. Since no patch is currently available, the vulnerability poses a moderate operational risk until mitigated.

To mitigate CVE-2024-52613, organizations should avoid using the affected nightly build of tsMuxer (2024-05-12) until an official patch is released. Restrict tsMuxer usage to trusted MOV files only, implementing strict file validation and source verification. Employ sandboxing or containerization to isolate tsMuxer processes, limiting the impact of potential crashes. Monitor application logs and system stability to detect abnormal terminations that may indicate exploitation attempts. Consider using alternative, stable versions of tsMuxer or other multiplexing tools without this vulnerability. Maintain up-to-date backups of media processing environments to enable quick recovery from disruptions. Stay alert for official patches or updates from tsMuxer developers and apply them promptly once available.