 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2022-24792 |
| Description: | PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.893036 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2022-24792 https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799 Debian Security Information: DSA-5285 (Google Search) https://www.debian.org/security/2022/dsa-5285 https://security.gentoo.org/glsa/202210-37 https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213 https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213 https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html |