-------------------------------------------------------------------------
Debian LTS Advisory DLA-3036-1                [email protected]
https://www.debian.org/lts/security/                          Abhijith PA
May 31, 2022                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : pjproject
Version        : 2.5.5~dfsg-6+deb9u5
CVE ID         : CVE-2022-24763 CVE-2022-24792 CVE-2022-24793

Multiple security issues were discovered in pjproject, a free and open
source multimedia communication library.

CVE-2022-24763

    A denial-of-service vulnerability that affects PJSIP users that
    consume PJSIP's XML parsing in their apps.

CVE-2022-24792

    A denial-of-service vulnerability affects applications on 32-bit
    systems that play/read invalid WAV files. The vulnerability occurs
    when reading WAV file data chunks with length greater than 31-bit
    integers. The vulnerability does not affect 64-bit apps and should
    not affect apps that only play trusted WAV files.

CVE-2022-24793

    A buffer overflow vulnerability affects applications that use
    PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an
    external resolver.

For Debian 9 stretch, these problems have been fixed in version
2.5.5~dfsg-6+deb9u5.

We recommend that you upgrade your pjproject packages.

For the detailed security status of pjproject please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pjproject

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
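
Added example, not part of the advisory and not pjproject code: a pre-screening check for untrusted WAV files that walks the RIFF chunks and flags any declared chunk length above 31 bits, the condition described under CVE-2022-24792. The function names and the sample files are constructed for illustration; upgrading the package remains the fix.

```python
import struct

MAX_31BIT = 0x7FFFFFFF  # largest chunk length that fits in 31 bits


def scan_wav_chunks(data: bytes):
    """Walk the RIFF chunks of a WAV image; return (chunks, findings)."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    chunks, findings = [], []
    pos = 12  # first chunk header follows "RIFF" <size> "WAVE"
    while pos + 8 <= len(data):
        chunk_id, size = struct.unpack_from("<4sI", data, pos)
        name = chunk_id.decode("ascii", "replace")
        chunks.append((name, size))
        if size > MAX_31BIT:
            findings.append(f"{name}: declared length {size} exceeds 31 bits")
            break  # the length cannot be trusted, stop walking
        if pos + 8 + size > len(data):
            findings.append(f"{name}: declared length {size} runs past end of file")
            break
        pos += 8 + size + (size & 1)  # chunks are padded to an even length
    return chunks, findings


def build_wav(data_len_field: int, payload: bytes) -> bytes:
    """Constructed sample: mono 16-bit PCM header with a chosen data length field."""
    fmt = struct.pack("<4sIHHIIHH", b"fmt ", 16, 1, 1, 8000, 16000, 2, 16)
    body = b"WAVE" + fmt + struct.pack("<4sI", b"data", data_len_field) + payload
    return struct.pack("<4sI", b"RIFF", len(body)) + body


# Constructed inputs: one well-formed file, one with an oversized data length.
GOOD = build_wav(4, b"\x00\x00\x01\x00")
BAD = build_wav(0x80000000, b"\x00\x00\x01\x00")

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("bad", BAD)):
        chunks, findings = scan_wav_chunks(blob)
        print(label, chunks, findings or "no findings")
```
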