PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
References
Link | Resource |
---|---|
https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508 | Patch Third Party Advisory |
https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202210-37 | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory |
https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508 | Patch Third Party Advisory |
https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202210-37 | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory |
Configurations
History
21 Nov 2024, 06:51
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508 - Patch, Third Party Advisory | |
References | () https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q - Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html - Mailing List, Third Party Advisory | |
References | () https://security.gentoo.org/glsa/202210-37 - Third Party Advisory | |
References | () https://www.debian.org/security/2022/dsa-5285 - Third Party Advisory |
Information
Published : 2022-04-06 14:15
Updated : 2024-11-21 06:51
NVD link : CVE-2022-24786
Mitre link : CVE-2022-24786
CVE.ORG link : CVE-2022-24786
JSON object : View
Products Affected
debian
- debian_linux
pjsip
- pjsip