{"id":"CVE-2022-24764","summary":"Stack buffer overflow in pjproject","details":"PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.","aliases":["GHSA-f5qg-pqcg-765m"],"modified":"2026-05-18T19:57:12.518658Z","published":"2022-03-22T00:00:00Z","database_specific":{"cwe_ids":["CWE-120","CWE-121"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24764.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24764.json"},{"type":"ADVISORY","url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24764"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-37"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5285"},{"type":"FIX","url":"https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pjsip/pjproject","events":[{"introduced":"0"},{"fixed":"560a1346f87aabe126509bb24930106dea292b00"}]}],"versions":["2.12","2.11","2.10"],"database_specific":{"vanir_signatures_modified":"2026-05-18T19:57:12Z","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","target":{"function":"print_media_desc","file":"pjmedia/src/pjmedia/sdp.c"},"deprecated":false,"source":"https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00","id":"CVE-2022-24764-0d4caacd","digest":{"length":1555,"function_hash":"208854040160421128083462874726642136992"}},{"signature_type":"Line","signature_version":"v1","target":{"file":"pjmedia/src/pjmedia/sdp.c"},"deprecated":false,"source":"https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00","id":"CVE-2022-24764-6eb5cec9","digest":{"line_hashes":["64606461958681302124486533034512187286","171153498388362914232929143315636409437","44614615952275966661384869488049674806","140311919359401355541339152786259427539","84254501011695234206729329924491445531","103631987683654890207061452575892070391","127423530390851093415962959140125219611","64110003409475490530906640567752700472","114618772119433327705211110644570447310"],"threshold":0.9}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24764.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}