CVE-2022-24792

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions PJSIP versions 2.12 and prior

Description The issue is related to a denial-of-service condition that occurs when handling WAV files. It affects 32-bit systems using PJSIP to play or read invalid WAV files, specifically when reading WAV file data chunks with lengths greater than 31-bit integers. This does not affect 64-bit applications or those that only play trusted WAV files.

Recommendations For PJSIP versions 2.12 and prior, update to a version that includes the patch available on the master branch of the pjsip/project GitHub repository. As a temporary workaround, consider rejecting WAV files received from unknown sources or validate the files first to minimize the risk of exploitation.

Exploit

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALT-PU-2024-15954

ALT-PU-2024-16030

BDU:2022-03169

CVE-2022-24792

DLA-3036-1

DLA-3194-1

DSA-5285-1

GHSA-RWGW-VWXG-Q799

Affected Products

Alt Linux

Debian

Pjsip

Red Os

CVE-2022-24792

Weakness Enumeration

Related Identifiers

Affected Products

References · 27