
Debian LTS: DLA-3036-1 Moderate: pjproject Denial Of Service Threat

May 31, 2022
Multiple security issues were discovered in pjproject, a free and open source multimedia communication library.

Summary

CVE-2022-24763

A denial-of-service vulnerability that affects PJSIP users that
consume PJSIP's XML parsing in their apps.

CVE-2022-24792

A denial-of-service vulnerability affects applications on 32-bit
systems that play/read invalid WAV files. The vulnerability occurs
when reading WAV file data chunks with length greater than 31-bit
integers. The vulnerability does not affect 64-bit apps and should
not affect apps that only play trusted WAV files.

CVE-2022-24793

A buffer overflow vulnerability affects applications that use
PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an
external resolver.

For Debian 9 stretch, these problems have been fixed in version
2.5.5~dfsg-6+deb9u5.

We recommend that you upgrade your pjproject packages.
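
The CVE-2022-24792 entry above concerns WAV chunk lengths that do not fit in 31 bits. The following pre-screening check for untrusted WAV files is an added example, not pjproject code and not part of the advisory; the function names `check_wav_chunks` and `build_sample` are hypothetical and the sample files are constructed.

```python
import struct

MAX_31BIT = 0x7FFFFFFF  # largest length that fits in a signed 32-bit integer


def check_wav_chunks(buf: bytes) -> list:
    """Walk the RIFF/WAVE chunks in buf and return findings (empty list = clean)."""
    findings = []
    if len(buf) < 12 or buf[0:4] != b"RIFF" or buf[8:12] != b"WAVE":
        return ["not a RIFF/WAVE file"]
    riff_len = struct.unpack_from("<I", buf, 4)[0]
    if riff_len > MAX_31BIT:
        findings.append(f"RIFF length {riff_len:#x} exceeds 31 bits")
    pos = 12
    while pos + 8 <= len(buf):
        chunk_id, chunk_len = struct.unpack_from("<4sI", buf, pos)
        name = chunk_id.decode("ascii", "replace")
        body = pos + 8
        if chunk_len > MAX_31BIT:
            findings.append(
                f"chunk {name!r} at offset {pos}: length {chunk_len:#x} exceeds 31 bits")
            break  # the declared length cannot be trusted to locate the next chunk
        if chunk_len > len(buf) - body:
            findings.append(
                f"chunk {name!r} at offset {pos}: length {chunk_len} runs past end of file")
            break
        pos = body + chunk_len + (chunk_len & 1)  # chunks are padded to an even size
    return findings


def build_sample(data_len_field: int, payload: bytes = b"\x00" * 8) -> bytes:
    """Constructed sample: minimal PCM WAV whose data chunk declares data_len_field bytes."""
    fmt = struct.pack("<4sIHHIIHH", b"fmt ", 16, 1, 1, 8000, 16000, 2, 16)
    data = struct.pack("<4sI", b"data", data_len_field) + payload
    body = b"WAVE" + fmt + data
    return struct.pack("<4sI", b"RIFF", len(body)) + body


if __name__ == "__main__":
    for label, sample in (("well-formed", build_sample(8)),
                          ("oversized data chunk", build_sample(0x80000000))):
        print(label, "->", check_wav_chunks(sample) or "ok")
```

Files that produce findings can be rejected before they reach the media player; this screens input and does not replace the package upgrade.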

For the detailed security status of pjproject please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply



Severity: important

Package: pjproject
Version: 2.5.5~dfsg-6+deb9u5
CVE ID: CVE-2022-24763 CVE-2022-24792 CVE-2022-24793
