Yifei Xie

**Name of the Vulnerable Software and Affected Versions** librtppayload.so versions prior to SMR Oct-2024 Release 1 **Description** The issue is an out-of-bounds write in parsing h.264 format, allowing remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this issue. **Recommendations** For versions prior to SMR Oct-2024 Release 1, update to SMR Oct-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `librtppayload.so` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** librtppayload.so versions prior to SMR Oct-2024 Release 1 **Description** The issue is an out-of-bounds write in parsing h.263+ format, allowing remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this issue. **Recommendations** For versions prior to SMR Oct-2024 Release 1, update to SMR Oct-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `librtppayload.so` module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Information disclosure occurs while decoding RTP packet payload when a UE receives the RTP packet from the network. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** librtp.so versions prior to SMR Aug-2024 Release 1 **Description** The issue is related to improper input validation, allowing remote attackers to execute arbitrary code with system privilege. User interaction is required to trigger this issue. **Recommendations** For versions prior to SMR Aug-2024 Release 1, update to SMR Aug-2024 Release 1 or later to resolve the issue.