CVE-2025-65102Classic Buffer Overflow in Pjproject

CWE-120Classic Buffer Overflow2 documents2 sources
Severity
8.7HIGHNVD
EPSS
0.1%
top 84.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pjsip Pjproject
Timeline
PublishedNov 21

Description

PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is based on stream ptime, may be less than that. This issue affects PJSIP users who use the Opus audio codec in receiving direction. The vulnerability can lead to unexpected application termination due to a memory overwrite. This issue has been patched in version 2.16.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5pjsip/pjproject< 2.16
Alpinepjsip/pjproject< 2.16.0-r0

🔴Vulnerability Details

1
OSV
CVE-2025-65102: PJSIP is a free and open source multimedia communication library2025-11-21
CVE-2025-65102 — Classic Buffer Overflow in Pjproject | cvebase