pjproject is vulnerable to out of bounds read. The vulnerability exists due to the incoming RTCP BYE message contains a reason’s length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access.
github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e
github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9
lists.debian.org/debian-lts-announce/2022/03/msg00035.html
lists.debian.org/debian-lts-announce/2022/11/msg00021.html
secdb.alpinelinux.org/edge/main.yaml
security.gentoo.org/glsa/202210-37
www.debian.org/security/2022/dsa-5285