| Package | pjproject |
|---|---|
| Version | 2.5.5~dfsg-6+deb9u8 (stretch) |
| Related CVEs | CVE-2022-23537 CVE-2022-23547 |
Multiple security issues were discovered in pjproject, a free and open source multimedia communication library written in C implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE
CVE-2022-23537
Buffer overread when parsing a specially crafted STUN message with
unknown attribute. The vulnerability affects applications that
uses STUN including PJNATH and PJSUA-LIB.
CVE-2022-23547
Possible buffer overread when parsing a certain STUN message.
The vulnerability affects applications that uses STUN including
PJNATH and PJSUA-LIB.
For Debian 9 stretch, these problems have been fixed in version 2.5.5~dfsg-6+deb9u8.
We recommend that you upgrade your pjproject packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.