Stack overflow in PJLIB leads to remote code execution when invoking
pjsua_player_create with malicious input
PJLIB (, 2.1.11], fixed in 2.12
CVE-2021-43299 was found in
pjsua_player_create (OO wrapper -
AudioMediaPlayer::createPlayer) which creates a file player and automatically adds this player to the conference bridge.
Attackers that can remotely control the contents of the
filename argument of
pjsua_player_create may cause remote code execution.
This function contains a stack overflow vulnerability when
filename->ptr is being copied to
path without verifying that
filename->slen (the filename size) is at most
path’s allocated size which is
PJ_MAXPATH (260). Therefore, passing a filename longer than 260 characters will cause a stack overflow.
No PoC is supplied for this vulnerability.
No mitigations are provided for this vulnerability.
In order to fully fix this vulnerability, we recommend upgrading PJSIP to version 2.12.
(JFrog) 5 New Vulnerabilities Discovered in PJSIP Open Source Library