PT-2025-47808 · Pjsip · Pjsip
Published
2025-11-21
·
Updated
2025-11-22
·
CVE-2025-65102
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
PJSIP versions prior to 2.16
Description
PJSIP is a multimedia communication library. Versions before 2.16 may experience a memory overwrite issue when using the Opus audio codec in receiving direction. This occurs because Opus PLC may zero-fill the input frame while the input frame length, based on stream ptime, is less than the decoder ptime. This can lead to unexpected application termination.
Recommendations
Update to version 2.16 or later.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pjsip