CVE-2022-24786

Name of the Vulnerable Software and Affected Versions PJSIP versions 2.12 and prior

Description The issue is related to the implementation of the pjmedia rtcp fb parse rpsi() function in the PJSIP multimedia communication library. It is associated with a buffer overflow in memory when processing an incoming RPSI (Reference Picture Selection Indication) packet. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations For PJSIP versions 2.12 and prior, a patch is available in the master branch of the pjsip/pjproject GitHub repository. As a temporary workaround, consider disabling the use of pjmedia rtcp fb parse rpsi() function until a patch is applied. There are currently no known workarounds other than applying the patch.