pjproject is vulnerable to an out-of-bounds read. The vulnerability exists in
pjmedia_rtcp_xr_rx_rtcp_xr of rtcp_xr.c due to a lack of validation of the received
packet size, which allows an attacker to send an RTCP XR message with an invalid packet size.
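
The kind of size validation whose absence is described above, as an added example (not pjproject's code and not the fix commit): a stand-alone walker that checks every RTCP XR length field against the bytes actually received. The packet layout follows RFC 3611; xr_count_blocks, rd16 and the sample byte arrays are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RTCP_XR_PT 207  /* RTCP XR packet type (RFC 3611) */

/* Read a big-endian 16-bit field. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: count the report blocks in one received RTCP XR packet.
 * Returns -1 if any length field points outside the `size` bytes received. */
int xr_count_blocks(const uint8_t *pkt, size_t size)
{
    size_t declared, off = 8;            /* 4-byte RTCP header + 4-byte SSRC */
    int blocks = 0;

    if (pkt == NULL || size < 8)
        return -1;
    if ((pkt[0] >> 6) != 2 || pkt[1] != RTCP_XR_PT)
        return -1;
    /* Header length is in 32-bit words minus one; cap it at the received size. */
    declared = ((size_t)rd16(pkt + 2) + 1) * 4;
    if (declared < 8 || declared > size)
        return -1;
    while (off < declared) {
        size_t body;
        if (declared - off < 4)          /* no room for a block header */
            return -1;
        body = (size_t)rd16(pkt + off + 2) * 4;  /* block length, in words */
        if (body > declared - off - 4)   /* block body overruns the packet */
            return -1;
        off += 4 + body;
        blocks++;
    }
    return blocks;
}

/* Constructed samples: a valid packet with one 8-byte block (BT=4), then the
 * same packet with an inflated header length and an inflated block length. */
static const uint8_t xr_ok[]      = {0x80,207,0,4,    0,0,0,1, 4,0,0,2,    1,2,3,4, 5,6,7,8};
static const uint8_t xr_bad_hdr[] = {0x80,207,0,0xFF, 0,0,0,1, 4,0,0,2,    1,2,3,4, 5,6,7,8};
static const uint8_t xr_bad_blk[] = {0x80,207,0,4,    0,0,0,1, 4,0,0,0x40, 1,2,3,4, 5,6,7,8};

int main(void)
{
    printf("ok=%d ", xr_count_blocks(xr_ok, sizeof xr_ok));
    printf("bad_hdr=%d ", xr_count_blocks(xr_bad_hdr, sizeof xr_bad_hdr));
    printf("bad_blk=%d\n", xr_count_blocks(xr_bad_blk, sizeof xr_bad_blk));
    return 0;
}
```

The `size` argument must be the byte count returned by the socket read, never a length taken from the packet itself.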
github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859
github.com/pjsip/pjproject/pull/2924
github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh
lists.debian.org/debian-lts-announce/2022/03/msg00035.html
lists.debian.org/debian-lts-announce/2022/11/msg00021.html
secdb.alpinelinux.org/edge/main.yaml
security.gentoo.org/glsa/202210-37
www.debian.org/security/2022/dsa-5285