CVE-2025-65102

Name
CVE-2025-65102
Description
PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is based on stream ptime, may be less than that. This issue affects PJSIP users who use the Opus audio codec in receiving direction. The vulnerability can lead to unexpected application termination due to a memory overwrite. This issue has been patched in version 2.16.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/pjsip/pjproject/commit/6e9bd2e7d25bba26f852771b40693f45da14fa8f
CONFIRM https://github.com/pjsip/pjproject/security/advisories/GHSA-w5vr-39x7-h8g5

Match rules

CPE URI Source package Min version Max version
pjproject >= 0 < 2.16

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
pjproject edge-main 2.15.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
pjproject edge-main 2.14.1-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
pjproject edge-main 2.14.1-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
pjproject edge-main 2.14-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
pjproject edge-main 2.13.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
pjproject edge-main 2.13-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
pjproject edge-main 2.12.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
pjproject edge-main 2.12-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
pjproject edge-main 2.11.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
pjproject edge-main 2.11-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
pjproject 3.22-main 2.15.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
pjproject 3.22-main 2.14-r0 None possibly vulnerable
pjproject 3.22-main 2.13.1-r0 None possibly vulnerable
pjproject 3.22-main 2.13-r0 None possibly vulnerable
pjproject 3.22-main 2.12.1-r0 None possibly vulnerable
pjproject 3.22-main 2.12-r0 None possibly vulnerable
pjproject 3.22-main 2.11.1-r0 None possibly vulnerable
pjproject 3.22-main 2.11-r0 None possibly vulnerable
pjproject 3.21-main 2.14.1-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
pjproject 3.21-main 2.14-r0 None possibly vulnerable
pjproject 3.21-main 2.13.1-r0 None possibly vulnerable
pjproject 3.21-main 2.13-r0 None possibly vulnerable
pjproject 3.21-main 2.12.1-r0 None possibly vulnerable
pjproject 3.21-main 2.12-r0 None possibly vulnerable
pjproject 3.21-main 2.11.1-r0 None possibly vulnerable
pjproject 3.21-main 2.11-r0 None possibly vulnerable
pjproject 3.20-main 2.14.1-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
pjproject 3.20-main 2.14-r0 None possibly vulnerable
pjproject 3.20-main 2.13.1-r0 None possibly vulnerable
pjproject 3.20-main 2.13-r0 None possibly vulnerable
pjproject 3.20-main 2.12.1-r0 None possibly vulnerable
pjproject 3.20-main 2.12-r0 None possibly vulnerable
pjproject 3.20-main 2.11.1-r0 None possibly vulnerable
pjproject 3.20-main 2.11-r0 None possibly vulnerable
pjproject 3.19-main 2.14-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
pjproject 3.19-main 2.13.1-r0 None possibly vulnerable
pjproject 3.19-main 2.13-r0 None possibly vulnerable
pjproject 3.19-main 2.12.1-r0 None possibly vulnerable
pjproject 3.19-main 2.12-r0 None possibly vulnerable
pjproject 3.19-main 2.11.1-r0 None possibly vulnerable
pjproject 3.19-main 2.11-r0 None possibly vulnerable