{"id":"CVE-2022-24786","summary":"Potential out-of-bound read/write in PJSIP","details":"PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.","aliases":["GHSA-vhxv-phmx-g52q"],"modified":"2026-04-02T07:50:46.505253Z","published":"2022-04-06T00:00:00Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24786.json","cwe_ids":["CWE-125","CWE-787"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24786.json"},{"type":"ADVISORY","url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24786"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-37"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5285"},{"type":"FIX","url":"https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pjsip/pjproject","events":[{"introduced":"0"},{"fixed":"11559e49e65bdf00922ad5ae28913ec6a198d508"}]}],"versions":["0.3-pre","0.5.0-before-conf","0.5.0.1","0.5.10","0.5.10.1","0.5.10.2","0.5.10.3","0.5.10.4","0.5.2","0.5.3","0.5.4","0.5.5.1","0.5.6","0.5.6.1","0.5.7","0.5.8","0.5.9","0.7.0","0.7.0-rc1","0.8.0","0.9.0","1.0","1.0-rc1","1.0-rc2","1.0-rc3","1.0-rc4","1.0.1","1.0.2","1.0.3","1.1","1.10","1.12","1.14","1.14.2","1.16","1.2","1.3","1.4","1.4.5","1.5","1.5.5","1.6","1.7","1.8","1.8.10","1.8.5","2.0","2.0-alpha","2.0-alpha2","2.0-beta","2.0-rc","2.0.1","2.1","2.10","2.11","2.11.1","2.12","2.12.1","2.2","2.2.1","2.3","2.4","2.4.5","2.5","2.5.1","2.5.5","2.6","2.7","2.7.1","2.7.2","2.8","2.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24786.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["165995524492436826008003506642633984663","133677705103140688164641498824501451838","259416313368328582248717219098280088060","275042734431304601182449312341257355525","315017238303910129215355466154252445143","9785129354242514087666748086975513146","248520022701370530477136390898768636120"]},"id":"CVE-2022-24786-21e440aa","deprecated":false,"signature_type":"Line","target":{"file":"pjmedia/include/pjmedia/rtcp.h"},"source":"https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508","signature_version":"v1"},{"digest":{"function_hash":"168063144898134625731881996357407537201","length":435},"id":"CVE-2022-24786-4317ab18","deprecated":false,"signature_type":"Function","target":{"function":"pjmedia_rtcp_fb_build_pli","file":"pjmedia/src/pjmedia/rtcp_fb.c"},"source":"https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["964439388615226985698997407795386987","50204984969835633399775829997712536506","287918432622299211532943669813028585746"]},"id":"CVE-2022-24786-4f5aff4c","deprecated":false,"signature_type":"Line","target":{"file":"pjmedia/src/pjmedia/rtcp.c"},"source":"https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508","signature_version":"v1"},{"digest":{"function_hash":"244933196571783332507735174379855200381","length":966},"id":"CVE-2022-24786-51f68369","deprecated":false,"signature_type":"Function","target":{"function":"pjmedia_rtcp_fb_build_rpsi","file":"pjmedia/src/pjmedia/rtcp_fb.c"},"source":"https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508","signature_version":"v1"},{"digest":{"function_hash":"59107664360155524107031641192224396246","length":250},"id":"CVE-2022-24786-5d60ad9b","deprecated":false,"signature_type":"Function","target":{"function":"pjmedia_rtcp_fb_parse_pli","file":"pjmedia/src/pjmedia/rtcp_fb.c"},"source":"https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508","signature_version":"v1"},{"digest":{"function_hash":"93656797793835204070577170656320131103","length":984},"id":"CVE-2022-24786-638bee8d","deprecated":false,"signature_type":"Function","target":{"function":"pjmedia_rtcp_fb_build_sli","file":"pjmedia/src/pjmedia/rtcp_fb.c"},"source":"https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["136240410088742296705772047800924144113","35442197088114250396656572578836334293","154075623763773457904980524318011815154","310665599734495266714031996795508787941","20179806556529709960762190055534847972","286700084851521208817823206610639115158","153034554123646571854937932715094792321","193381654561696936814996422841026129395","295365524326838692769138613687159632374","133165721604424386706341832039652350306","205858442581220285236514813248029197027","224031328614288986786483434243885895843","225917394875965150333199247254367621830","42501037523490756143726121001884561741","28210177212912202399789278425357354588","167397670088549371046139874051247622116","145962196915257114290432251413077897036","286700084851521208817823206610639115158","83075158924538489746533858654680690773","267283128907408447487385435212071058441","74106037376466198152252078134084687130","206198154095985401271778245773402750938","177961226039933892190784664596357570023","126335141843718667944072786677383531973","308444220955209496626806896612295352260","60305106090579602383548546653814353306","154075623763773457904980524318011815154","256784159461056105686596780602508110211","152262539895184772015022753487278489179","286700084851521208817823206610639115158","83075158924538489746533858654680690773","74336809394835436916014339320823966656","86410367365705577388299692240936726545","117389644708177543473052186783748971628","293610155405813823430055057381672445073","116179316978520165863042174586841248431","97715746124691174704740611419846357540","98811835161896908310663488871526223014","67465692442535808179433388336991932499","251143790466576814367938593725222714062","172091639621107861454168400088597082465","286700084851521208817823206610639115158","83075158924538489746533858654680690773","232965584444940678591961809518722867232","255177946821926364215325558766644456195","317666151878657392766173717557113868539","242043878000380821669380951326917176034","88102791677473570263706675981717826430","147938607712757035528560182097947771368","328488060198175468068437065936278431635","20847772060190969428936463205045867795","169158891931712598715147489688037706513","87087974366565370710644087313906301788","23367499136104938575096810792606253902","266837714915104584616569252580949862045","132639941295466046424930411403920946578","135857654446051656955626178117893656433","71920202491829298080420304535402815330","85776037159513251487851203824788478834","340206066551304017674915033169997853941","20295337275857860672113840226532542218","23520211397829419137984170724560079581","98318046599372351793048424203211655592","164186401215260677572221986200585268890","237923781342697461932095293702794514670","299494282303633696341558179651167312851","191276864308108881242200122031726004091","49876967754635265282810827432417734185","210913656831397099295104940631373593618","20847772060190969428936463205045867795","237763291743957568030476749733476397643","135297353339173716328236429376019108947","134137191368526952044242400584346595457","96947463441960904297764255525743595957","38703457680190538870662133001516326373","150709128243431570115596014354477175679","97264480108296867183066344461584939808","4958508832244408298917208618408159898","91009573975692615513105659138803952645","339429807016937708142727521954260297841","82049557908742157110539712658294716172","175502204172754850583098750892740561980","206616321930301122192270845340883930514","334404824076899210639135511173190382166","303529409535329389777347661363692782417","127591588950595382850822244686233348561","214358625509582564936212787588501455635","264755995101009325106516356812634981167","195230002423061672805434853229851594352","70624981739514977603439647510245136091","166098654200228914341568687469717937880","152076907751928020243350104974567975118","109044972446898133726937146502002462155","275910609831731129721579009494165084402"]},"id":"CVE-2022-24786-8255df86","deprecated":false,"signature_type":"Line","target":{"file":"pjmedia/src/pjmedia/rtcp_fb.c"},"source":"https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508","signature_version":"v1"},{"digest":{"function_hash":"212353346985565153226716986469422583976","length":805},"id":"CVE-2022-24786-8e063512","deprecated":false,"signature_type":"Function","target":{"function":"pjmedia_rtcp_fb_parse_nack","file":"pjmedia/src/pjmedia/rtcp_fb.c"},"source":"https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508","signature_version":"v1"},{"digest":{"function_hash":"307157754031175078101402685271114253889","length":658},"id":"CVE-2022-24786-980d9c4b","deprecated":false,"signature_type":"Function","target":{"function":"pjmedia_rtcp_fb_parse_rpsi","file":"pjmedia/src/pjmedia/rtcp_fb.c"},"source":"https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508","signature_version":"v1"},{"digest":{"function_hash":"73868422228055501526843496509143267213","length":844},"id":"CVE-2022-24786-aba8afa7","deprecated":false,"signature_type":"Function","target":{"function":"pjmedia_rtcp_fb_parse_sli","file":"pjmedia/src/pjmedia/rtcp_fb.c"},"source":"https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508","signature_version":"v1"},{"digest":{"function_hash":"316162260467219681407781952138856336526","length":803},"id":"CVE-2022-24786-cb7ef3d2","deprecated":false,"signature_type":"Function","target":{"function":"pjmedia_rtcp_fb_build_nack","file":"pjmedia/src/pjmedia/rtcp_fb.c"},"source":"https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508","signature_version":"v1"},{"digest":{"function_hash":"281464819933803757277780384086131965126","length":934},"id":"CVE-2022-24786-cf4afce2","deprecated":false,"signature_type":"Function","target":{"function":"pjmedia_rtcp_init2","file":"pjmedia/src/pjmedia/rtcp.c"},"source":"https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508","signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}