Debian 10262 Published by

A pjproject security update has been released for Debian GNU/Linux 9 Extended LT to address multiple security issues.



ELA-773-1 pjproject security update

Package : pjproject
Version : 2.5.5~dfsg-6+deb9u8 (stretch)

Related CVEs :
CVE-2022-23537
CVE-2022-23547

Multiple security issues were discovered in pjproject, a free and open source multimedia communication library written in C implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE

CVE-2022-23537
Buffer overread when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB.

CVE-2022-23547
Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB.

  ELA-773-1 pjproject security update