PJSIP pjmedia-codec
cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*
- <= 2.16
A stack buffer overflow vulnerability has been identified in the PJSIP multimedia communication library, specifically in versions prior to 2.17. The issue arises in the pjmedia-codec component when parsing RTP payloads that contain more frames than the allocated buffer can accommodate. This flaw has been confirmed with AddressSanitizer, indicating a critical security risk.
Exploitation of this vulnerability leads to a stack buffer overflow, allowing for potential arbitrary code execution or causing a program crash. This vulnerability is particularly critical as it occurs in the context of media processing, where such buffer overflows can often be exploited to execute malicious code.
Users can upgrade to PJSIP version 2.17 or later to address this vulnerability. The patch is available in the PJSIP GitHub repository.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.