A pjproject security update has been released for Debian GNU/Linux 9 Extended LT to address multiple security issues.
ELA-773-1 pjproject security update
Package : pjproject
ELA-773-1 pjproject security update
Version : 2.5.5~dfsg-6+deb9u8 (stretch)
Related CVEs :
CVE-2022-23537
CVE-2022-23547
Multiple security issues were discovered in pjproject, a free and open source multimedia communication library written in C implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE
CVE-2022-23537
Buffer overread when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB.
CVE-2022-23547
Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB.
