{"id":"CVE-2021-41141","details":"PJSIP is a free and open source multimedia communication library written in the C language implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when an error or failure occurs, the function returns without releasing the locks it currently holds. This could result in a system deadlock, which causes a denial of service for users. No release has yet been made which contains the linked fix commit. All versions up to and including 2.11.1 are affected. Users may need to manually apply the patch.","modified":"2026-04-11T18:45:20.543426Z","published":"2022-01-04T19:15:14.687Z","related":["GHSA-8fmx-hqw7-6gmc"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-37"},{"type":"FIX","url":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196"},{"type":"FIX","url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pjsip/pjproject","events":[{"introduced":"0"},{"last_affected":"513700f74787009241a11eda125284277f7dfc1c"},{"fixed":"1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.11.1"}]}}],"versions":["2.10","2.11","2.11.1"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","id":"CVE-2021-41141-03ee402f","signature_version":"v1","digest":{"function_hash":"125819378138438011945101975972714730583","length":1703},"target":{"file":"pjmedia/src/pjmedia-codec/ipp_codecs.c","function":"ipp_alloc_codec"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false},{"signature_type":"Function","id":"CVE-2021-41141-07c56a76","signature_version":"v1","digest":{"function_hash":"218747591657902152153048284437613970685
","length":1885},"target":{"file":"pjmedia/src/pjmedia-codec/and_aud_mediacodec.cpp","function":"and_media_alloc_codec"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false},{"signature_type":"Function","id":"CVE-2021-41141-1a8f7587","signature_version":"v1","digest":{"function_hash":"190625584317204092340902755318678238446","length":3356},"target":{"file":"pjmedia/src/pjmedia/vid_conf.c","function":"pjmedia_vid_conf_add_port"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false},{"signature_type":"Function","id":"CVE-2021-41141-232e7a07","signature_version":"v1","digest":{"function_hash":"127215111352915922616233338091525364126","length":506},"target":{"file":"pjmedia/src/pjmedia-codec/speex_codec.c","function":"pjmedia_codec_speex_deinit"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false},{"signature_type":"Line","id":"CVE-2021-41141-44c0ac64","signature_version":"v1","digest":{"line_hashes":["72034850421652991240548021149377817480","203251017706402886707205695389579332104","99152012475625321446728044985670103095","146871446473456870424328070735923549556"],"threshold":0.9},"target":{"file":"pjmedia/src/pjmedia-codec/speex_codec.c"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false},{"signature_type":"Function","id":"CVE-2021-41141-44d44fad","signature_version":"v1","digest":{"function_hash":"49066555164047112227048680437507419728","length":1762},"target":{"file":"pjmedia/src/pjmedia/vid_conf.c","function":"pjmedia_vid_conf_disconnect_port"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false},{"signature_type":"Function","id":"CVE-2021-41141-46016e72","signature_version":"v1","digest":{"function_hash":"1558841312698371581735315458188734871","length":1144},"tar
get":{"file":"pjmedia/src/pjmedia-codec/passthrough.c","function":"alloc_codec"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false},{"signature_type":"Line","id":"CVE-2021-41141-5439ce4e","signature_version":"v1","digest":{"line_hashes":["234908212969495671642843883676120856444","13549203495841430523536775640372282430","148675843466775740615785274310661116510","135051868329340805665782257757022513986"],"threshold":0.9},"target":{"file":"pjmedia/src/pjmedia-codec/ipp_codecs.c"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false},{"signature_type":"Line","id":"CVE-2021-41141-58d1be4c","signature_version":"v1","digest":{"line_hashes":["234908212969495671642843883676120856444","13549203495841430523536775640372282430","148675843466775740615785274310661116510","230631042012119564335125601454259158752"],"threshold":0.9},"target":{"file":"pjmedia/src/pjmedia-codec/and_aud_mediacodec.cpp"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false},{"signature_type":"Line","id":"CVE-2021-41141-5c66fe11","signature_version":"v1","digest":{"line_hashes":["234908212969495671642843883676120856444","98242687775482903560560409145528622969","201909697535225212013928998963604089897","196592156847247617171977464365492140017"],"threshold":0.9},"target":{"file":"pjmedia/src/pjmedia-codec/passthrough.c"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false},{"signature_type":"Line","id":"CVE-2021-41141-7b37b07e","signature_version":"v1","digest":{"line_hashes":["174454471093818320377444601527960357446","278089180272853581080648432998689411013","275244125115495833982093692942278555399","210685476538547168922816857567395682753","50154784472544610356918628243528921834","180354783132405596052944926421275482317","57550829429154264206521301090145632057","312
946977918712990627043260194089146068"],"threshold":0.9},"target":{"file":"pjmedia/src/pjmedia-codec/opus.c"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false},{"signature_type":"Function","id":"CVE-2021-41141-7f5906f8","signature_version":"v1","digest":{"function_hash":"144597341741900568512502988983669567987","length":4447},"target":{"file":"pjmedia/src/pjmedia-codec/opus.c","function":"codec_open"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false},{"signature_type":"Function","id":"CVE-2021-41141-9f88bc5c","signature_version":"v1","digest":{"function_hash":"120225991693687630763710444690840716075","length":931},"target":{"file":"pjmedia/src/pjmedia/vid_conf.c","function":"pjmedia_vid_conf_remove_port"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false},{"signature_type":"Line","id":"CVE-2021-41141-a94d3ca5","signature_version":"v1","digest":{"line_hashes":["190982183164846774748421382942672713865","196395715521384268165319541454123849993","135116797563231877181267927192651407960","222059502984561508293679063064947106202","122271856572625934038181984640289849662","242410098765156215846003211077764528189","114725590555173349627361846252235233586","279682066956964399708364752639132164106","120572928585327191159376768811161557046","232972406738799361017418318677718238542","87910392168721981099208608882630840223","330198222604212706547984307958013840552","186730181444343241082625980656706679976","218802757759411467898987744259810142954","312202595775928298988746582104998337025","25694742666059840431784252226301704172","53979542702504968436543266240527673093","228722063715379213927443388444861978684","257858441994775897896115169948244554161","203307914328907667018693401286951951222","96191017563577212516453737021105708620","311918063797087912660201603526849430295","48544634401613434
956878623443256554740","119309695636171477265703522507653297743","334964263292428005003037616713448856775","99302475786573776551243703293462721356","19427346756099751934444400741464289456","230897361952791293046200725240233952546","191934083439188089426991643018507829131","291317209317879890648183048173582792219","247275008214612627927342006665589863230","139705178460756643425057447584530174266","79096934884551930039340152809056130625","114563732423907951168976724549724572804","263835534702141159614534112046163642490","230897361952791293046200725240233952546","191934083439188089426991643018507829131","291317209317879890648183048173582792219","247275008214612627927342006665589863230"],"threshold":0.9},"target":{"file":"pjmedia/src/pjmedia/vid_conf.c"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false},{"signature_type":"Function","id":"CVE-2021-41141-b41ac2e4","signature_version":"v1","digest":{"function_hash":"166193237661465554418975624517860118237","length":2126},"target":{"file":"pjmedia/src/pjmedia/vid_conf.c","function":"pjmedia_vid_conf_connect_port"},"source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false}],"vanir_signatures_modified":"2026-04-11T18:45:20Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41141.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}