PJSIP
cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*
- <= 2.16
A critical heap-based buffer overflow vulnerability has been identified in PJSIP versions 2.16 and below, specifically within the H.264 unpacketizer. This vulnerability arises when the unpacketizer processes malformed SRTP packets, as it reads a 2-byte NAL unit size field without properly validating that both bytes are within the bounds of the payload buffer. The issue affects applications that handle video using H.264.
Exploitation of this vulnerability leads to a heap-based buffer overflow, which can commonly result in arbitrary code execution or memory corruption.
Users can upgrade to PJSIP version 2.17, where this vulnerability has been patched.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.