CVE-2026-26967

Published: 20 Feb 2026
Source: redhat
CVSS3: 8.4

Description

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL unit size field without validating that both bytes are within the payload buffer bounds. The vulnerability affects applications that receive video using H.264. A patch is available at https://github.com/pjsip/pjproject/commit/f821c214e52b11bae11e4cd3c7f0864538fb5491.

A flaw was found in PJSIP. A remote attacker could exploit a heap-based buffer overflow vulnerability in the H.264 unpacketizer by sending specially crafted Secure Real-time Transport Protocol (SRTP) packets. The unpacketizer fails to validate the bounds of a 2-byte Network Abstraction Layer (NAL) unit size field, which can lead to arbitrary code execution.
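
The two bounds checks the description refers to, as an added example (this is not PJSIP's code and not the referenced patch). It assumes the 2-byte size field is the one RFC 6184 places before each NAL unit inside a STAP-A aggregation payload; the function name, the sample buffers and the choice to reject zero-length units are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NAL_TYPE_STAP_A 24  /* RFC 6184 aggregation packet, 1-byte header */

/* Constructed sample payloads (not captured traffic). */
static const uint8_t sample_ok[]       = {0x18, 0x00,0x02, 0x67,0x42, 0x00,0x01, 0x68};
static const uint8_t sample_cut_size[] = {0x18, 0x00,0x01, 0x67, 0x00}; /* 1 byte of size left */
static const uint8_t sample_oversize[] = {0x18, 0xFF,0xFF, 0x67};       /* size > remaining */

/* Hypothetical helper: counts the NAL units that lie fully inside
 * buf[0..len). Returns the count, or -1 if the payload is malformed.
 * It never reads outside buf. */
int stap_a_count_units(const uint8_t *buf, size_t len)
{
    size_t pos = 1;  /* skip the STAP-A header byte */
    int units = 0;

    if (buf == NULL || len < 1 || (buf[0] & 0x1F) != NAL_TYPE_STAP_A)
        return -1;

    while (pos < len) {
        size_t nal_size;

        /* Check 1: BOTH bytes of the size field must be in bounds.
         * "pos < len" alone still allows buf[pos + 1] to be read one
         * byte past the payload when a single trailing byte remains. */
        if (len - pos < 2)
            return -1;
        nal_size = ((size_t)buf[pos] << 8) | buf[pos + 1];
        pos += 2;

        /* Check 2: the declared size must fit in what is left.
         * Written as a subtraction so the comparison cannot wrap. */
        if (nal_size == 0 || nal_size > len - pos)
            return -1;

        pos += nal_size;  /* a real unpacketizer would copy the unit here */
        units++;
    }
    return units;
}

int main(void)
{
    printf("ok=%d cut=%d oversize=%d\n",
           stap_a_count_units(sample_ok, sizeof sample_ok),
           stap_a_count_units(sample_cut_size, sizeof sample_cut_size),
           stap_a_count_units(sample_oversize, sizeof sample_oversize));
    return 0;
}
```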

Report

Exploiting this vulnerability requires that an attacker can induce the processing of untrusted content. If an application accepting input from remote sources processes H.264 content with PJSIP, this vulnerability could consequently be exploited remotely.

Additional information

Status: Important
Defect: CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=2441242
pjsip: PJSIP: Arbitrary code execution via H.264 unpacketizer heap-based buffer overflow

8.4 High

CVSS3

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 1 month ago

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL unit size field without validating that both bytes are within the payload buffer bounds. The vulnerability affects applications that receive video using H.264. A patch is available at https://github.com/pjsip/pjproject/commit/f821c214e52b11bae11e4cd3c7f0864538fb5491.

CVSS3: 5.3
nvd
about 1 month ago

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL unit size field without validating that both bytes are within the payload buffer bounds. The vulnerability affects applications that receive video using H.264. A patch is available at https://github.com/pjsip/pjproject/commit/f821c214e52b11bae11e4cd3c7f0864538fb5491.

CVSS3: 5.3
debian
about 1 month ago

PJSIP is a free and open source multimedia communication library writt ...
