Jfigus

**Name of the Vulnerable Software and Affected Versions** libsrtp versions prior to 1.4.4 p20121108-r1 libsrtp version 1.4.5 and earlier **Description** The issue is related to a buffer overflow in the srtp.c file of the libsrtp package, which can be exploited remotely to cause a denial of service (crash). This is due to a length inconsistency in the `crypto policy set from profile for rtp` and `srtp protect` functions. **Recommendations** For libsrtp versions prior to 1.4.4 p20121108-r1, update to version 1.4.4 p20121108-r1 or later. For libsrtp version 1.4.5 and earlier, update to a version later than 1.4.5. As a temporary workaround, consider restricting access to the `srtp protect` and `crypto policy set from profile for rtp` functions until a patch is available.