Headline
CVE-2022-24786: Potential out-of-bound read/write when parsing RTCP FB RPSI
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the master branch of the pjsip/pjproject GitHub repository. There are currently no known workarounds.
Impact
Currently PJSIP doesn’t parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected.
Patches
The patch is available as commit 11559e4 in the master branch.
For more information
If you have any questions or comments about this advisory:
Email us at [email protected]
Related news
Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.
Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.