PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmediartcpfbparserpsi() will be affected. A patch is available in the master
branch of the pjsip/pjproject
GitHub repository. There are currently no known workarounds.
[ { "source": "https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508", "signature_version": "v1", "target": { "file": "pjmedia/include/pjmedia/rtcp.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "165995524492436826008003506642633984663", "133677705103140688164641498824501451838", "259416313368328582248717219098280088060", "275042734431304601182449312341257355525", "315017238303910129215355466154252445143", "9785129354242514087666748086975513146", "248520022701370530477136390898768636120" ] }, "deprecated": false, "signature_type": "Line", "id": "CVE-2022-24786-21e440aa" }, { "source": "https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508", "signature_version": "v1", "target": { "file": "pjmedia/src/pjmedia/rtcp_fb.c", "function": "pjmedia_rtcp_fb_build_pli" }, "digest": { "length": 435.0, "function_hash": "168063144898134625731881996357407537201" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2022-24786-4317ab18" }, { "source": "https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508", "signature_version": "v1", "target": { "file": "pjmedia/src/pjmedia/rtcp.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "964439388615226985698997407795386987", "50204984969835633399775829997712536506", "287918432622299211532943669813028585746" ] }, "deprecated": false, "signature_type": "Line", "id": "CVE-2022-24786-4f5aff4c" }, { "source": "https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508", "signature_version": "v1", "target": { "file": "pjmedia/src/pjmedia/rtcp_fb.c", "function": "pjmedia_rtcp_fb_build_rpsi" }, "digest": { "length": 966.0, "function_hash": "244933196571783332507735174379855200381" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2022-24786-51f68369" }, { "source": "https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508", "signature_version": "v1", "target": { "file": "pjmedia/src/pjmedia/rtcp_fb.c", "function": "pjmedia_rtcp_fb_parse_pli" }, "digest": { "length": 250.0, "function_hash": "59107664360155524107031641192224396246" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2022-24786-5d60ad9b" }, { "source": "https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508", "signature_version": "v1", "target": { "file": "pjmedia/src/pjmedia/rtcp_fb.c", "function": "pjmedia_rtcp_fb_build_sli" }, "digest": { "length": 984.0, "function_hash": "93656797793835204070577170656320131103" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2022-24786-638bee8d" }, { "source": "https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508", "signature_version": "v1", "target": { "file": "pjmedia/src/pjmedia/rtcp_fb.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "136240410088742296705772047800924144113", "35442197088114250396656572578836334293", "154075623763773457904980524318011815154", "310665599734495266714031996795508787941", "20179806556529709960762190055534847972", "286700084851521208817823206610639115158", "153034554123646571854937932715094792321", "193381654561696936814996422841026129395", "295365524326838692769138613687159632374", "133165721604424386706341832039652350306", "205858442581220285236514813248029197027", "224031328614288986786483434243885895843", "225917394875965150333199247254367621830", "42501037523490756143726121001884561741", "28210177212912202399789278425357354588", "167397670088549371046139874051247622116", "145962196915257114290432251413077897036", "286700084851521208817823206610639115158", "83075158924538489746533858654680690773", "267283128907408447487385435212071058441", "74106037376466198152252078134084687130", "206198154095985401271778245773402750938", "177961226039933892190784664596357570023", "126335141843718667944072786677383531973", "308444220955209496626806896612295352260", "60305106090579602383548546653814353306", "154075623763773457904980524318011815154", "256784159461056105686596780602508110211", "152262539895184772015022753487278489179", "286700084851521208817823206610639115158", "83075158924538489746533858654680690773", "74336809394835436916014339320823966656", "86410367365705577388299692240936726545", "117389644708177543473052186783748971628", "293610155405813823430055057381672445073", "116179316978520165863042174586841248431", "97715746124691174704740611419846357540", "98811835161896908310663488871526223014", "67465692442535808179433388336991932499", "251143790466576814367938593725222714062", "172091639621107861454168400088597082465", "286700084851521208817823206610639115158", "83075158924538489746533858654680690773", "232965584444940678591961809518722867232", "255177946821926364215325558766644456195", "317666151878657392766173717557113868539", "242043878000380821669380951326917176034", "88102791677473570263706675981717826430", "147938607712757035528560182097947771368", "328488060198175468068437065936278431635", "20847772060190969428936463205045867795", "169158891931712598715147489688037706513", "87087974366565370710644087313906301788", "23367499136104938575096810792606253902", "266837714915104584616569252580949862045", "132639941295466046424930411403920946578", "135857654446051656955626178117893656433", "71920202491829298080420304535402815330", "85776037159513251487851203824788478834", "340206066551304017674915033169997853941", "20295337275857860672113840226532542218", "23520211397829419137984170724560079581", "98318046599372351793048424203211655592", "164186401215260677572221986200585268890", "237923781342697461932095293702794514670", "299494282303633696341558179651167312851", "191276864308108881242200122031726004091", "49876967754635265282810827432417734185", "210913656831397099295104940631373593618", "20847772060190969428936463205045867795", "237763291743957568030476749733476397643", "135297353339173716328236429376019108947", "134137191368526952044242400584346595457", "96947463441960904297764255525743595957", "38703457680190538870662133001516326373", "150709128243431570115596014354477175679", "97264480108296867183066344461584939808", "4958508832244408298917208618408159898", "91009573975692615513105659138803952645", "339429807016937708142727521954260297841", "82049557908742157110539712658294716172", "175502204172754850583098750892740561980", "206616321930301122192270845340883930514", "334404824076899210639135511173190382166", "303529409535329389777347661363692782417", "127591588950595382850822244686233348561", "214358625509582564936212787588501455635", "264755995101009325106516356812634981167", "195230002423061672805434853229851594352", "70624981739514977603439647510245136091", "166098654200228914341568687469717937880", "152076907751928020243350104974567975118", "109044972446898133726937146502002462155", "275910609831731129721579009494165084402" ] }, "deprecated": false, "signature_type": "Line", "id": "CVE-2022-24786-8255df86" }, { "source": "https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508", "signature_version": "v1", "target": { "file": "pjmedia/src/pjmedia/rtcp_fb.c", "function": "pjmedia_rtcp_fb_parse_nack" }, "digest": { "length": 805.0, "function_hash": "212353346985565153226716986469422583976" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2022-24786-8e063512" }, { "source": "https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508", "signature_version": "v1", "target": { "file": "pjmedia/src/pjmedia/rtcp_fb.c", "function": "pjmedia_rtcp_fb_parse_rpsi" }, "digest": { "length": 658.0, "function_hash": "307157754031175078101402685271114253889" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2022-24786-980d9c4b" }, { "source": "https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508", "signature_version": "v1", "target": { "file": "pjmedia/src/pjmedia/rtcp_fb.c", "function": "pjmedia_rtcp_fb_parse_sli" }, "digest": { "length": 844.0, "function_hash": "73868422228055501526843496509143267213" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2022-24786-aba8afa7" }, { "source": "https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508", "signature_version": "v1", "target": { "file": "pjmedia/src/pjmedia/rtcp_fb.c", "function": "pjmedia_rtcp_fb_build_nack" }, "digest": { "length": 803.0, "function_hash": "316162260467219681407781952138856336526" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2022-24786-cb7ef3d2" }, { "source": "https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508", "signature_version": "v1", "target": { "file": "pjmedia/src/pjmedia/rtcp.c", "function": "pjmedia_rtcp_init2" }, "digest": { "length": 934.0, "function_hash": "281464819933803757277780384086131965126" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2022-24786-cf4afce2" } ]