{"id":"CVE-2021-41141","details":"PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which cause a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to an including 2.11.1 are affected. Users may need to manually apply the patch.","modified":"2026-02-24T01:22:41.348966Z","published":"2022-01-04T19:15:14.687Z","related":["GHSA-8fmx-hqw7-6gmc"],"references":[{"type":"ADVISORY","url":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196"},{"type":"ADVISORY","url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-37"},{"type":"FIX","url":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196"},{"type":"FIX","url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pjsip/pjproject","events":[{"introduced":"0"},{"fixed":"1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196"}]}],"versions":["2.10","2.11"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41141.json","vanir_signatures":[{"digest":{"length":1703,"function_hash":"125819378138438011945101975972714730583"},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-03ee402f","signature_type":"Function","target":{"function":"ipp_alloc_codec","file":"pjmedia/src/pjmedia-codec/ipp_codecs.c"}},{"digest":{"length":1885,"function_hash":"218747591657902152153048284437613970685"},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-07c56a76","signature_type":"Function","target":{"function":"and_media_alloc_codec","file":"pjmedia/src/pjmedia-codec/and_aud_mediacodec.cpp"}},{"digest":{"length":3356,"function_hash":"190625584317204092340902755318678238446"},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-1a8f7587","signature_type":"Function","target":{"function":"pjmedia_vid_conf_add_port","file":"pjmedia/src/pjmedia/vid_conf.c"}},{"digest":{"length":506,"function_hash":"127215111352915922616233338091525364126"},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-232e7a07","signature_type":"Function","target":{"function":"pjmedia_codec_speex_deinit","file":"pjmedia/src/pjmedia-codec/speex_codec.c"}},{"digest":{"threshold":0.9,"line_hashes":["72034850421652991240548021149377817480","203251017706402886707205695389579332104","99152012475625321446728044985670103095","146871446473456870424328070735923549556"]},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-44c0ac64","signature_type":"Line","target":{"file":"pjmedia/src/pjmedia-codec/speex_codec.c"}},{"digest":{"length":1762,"function_hash":"49066555164047112227048680437507419728"},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-44d44fad","signature_type":"Function","target":{"function":"pjmedia_vid_conf_disconnect_port","file":"pjmedia/src/pjmedia/vid_conf.c"}},{"digest":{"length":1144,"function_hash":"1558841312698371581735315458188734871"},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-46016e72","signature_type":"Function","target":{"function":"alloc_codec","file":"pjmedia/src/pjmedia-codec/passthrough.c"}},{"digest":{"threshold":0.9,"line_hashes":["234908212969495671642843883676120856444","13549203495841430523536775640372282430","148675843466775740615785274310661116510","135051868329340805665782257757022513986"]},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-5439ce4e","signature_type":"Line","target":{"file":"pjmedia/src/pjmedia-codec/ipp_codecs.c"}},{"digest":{"threshold":0.9,"line_hashes":["234908212969495671642843883676120856444","13549203495841430523536775640372282430","148675843466775740615785274310661116510","230631042012119564335125601454259158752"]},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-58d1be4c","signature_type":"Line","target":{"file":"pjmedia/src/pjmedia-codec/and_aud_mediacodec.cpp"}},{"digest":{"threshold":0.9,"line_hashes":["234908212969495671642843883676120856444","98242687775482903560560409145528622969","201909697535225212013928998963604089897","196592156847247617171977464365492140017"]},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-5c66fe11","signature_type":"Line","target":{"file":"pjmedia/src/pjmedia-codec/passthrough.c"}},{"digest":{"threshold":0.9,"line_hashes":["174454471093818320377444601527960357446","278089180272853581080648432998689411013","275244125115495833982093692942278555399","210685476538547168922816857567395682753","50154784472544610356918628243528921834","180354783132405596052944926421275482317","57550829429154264206521301090145632057","312946977918712990627043260194089146068"]},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-7b37b07e","signature_type":"Line","target":{"file":"pjmedia/src/pjmedia-codec/opus.c"}},{"digest":{"length":4447,"function_hash":"144597341741900568512502988983669567987"},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-7f5906f8","signature_type":"Function","target":{"function":"codec_open","file":"pjmedia/src/pjmedia-codec/opus.c"}},{"digest":{"length":931,"function_hash":"120225991693687630763710444690840716075"},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-9f88bc5c","signature_type":"Function","target":{"function":"pjmedia_vid_conf_remove_port","file":"pjmedia/src/pjmedia/vid_conf.c"}},{"digest":{"threshold":0.9,"line_hashes":["190982183164846774748421382942672713865","196395715521384268165319541454123849993","135116797563231877181267927192651407960","222059502984561508293679063064947106202","122271856572625934038181984640289849662","242410098765156215846003211077764528189","114725590555173349627361846252235233586","279682066956964399708364752639132164106","120572928585327191159376768811161557046","232972406738799361017418318677718238542","87910392168721981099208608882630840223","330198222604212706547984307958013840552","186730181444343241082625980656706679976","218802757759411467898987744259810142954","312202595775928298988746582104998337025","25694742666059840431784252226301704172","53979542702504968436543266240527673093","228722063715379213927443388444861978684","257858441994775897896115169948244554161","203307914328907667018693401286951951222","96191017563577212516453737021105708620","311918063797087912660201603526849430295","48544634401613434956878623443256554740","119309695636171477265703522507653297743","334964263292428005003037616713448856775","99302475786573776551243703293462721356","19427346756099751934444400741464289456","230897361952791293046200725240233952546","191934083439188089426991643018507829131","291317209317879890648183048173582792219","247275008214612627927342006665589863230","139705178460756643425057447584530174266","79096934884551930039340152809056130625","114563732423907951168976724549724572804","263835534702141159614534112046163642490","230897361952791293046200725240233952546","191934083439188089426991643018507829131","291317209317879890648183048173582792219","247275008214612627927342006665589863230"]},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-a94d3ca5","signature_type":"Line","target":{"file":"pjmedia/src/pjmedia/vid_conf.c"}},{"digest":{"length":2126,"function_hash":"166193237661465554418975624517860118237"},"signature_version":"v1","source":"https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196","deprecated":false,"id":"CVE-2021-41141-b41ac2e4","signature_type":"Function","target":{"function":"pjmedia_vid_conf_connect_port","file":"pjmedia/src/pjmedia/vid_conf.c"}}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}