Stack overflow in PJLIB leads to remote code execution when invoking pjsua_player_create with malicious input
PJLIB (, 2.1.11], fixed in 2.12
CVE-2021-43299 was found in pjsua_player_create (OO wrapper - AudioMediaPlayer::createPlayer), which creates a file player and automatically adds this player to the conference bridge.
Attackers that can remotely control the contents of the filename argument of pjsua_player_create may cause remote code execution.
This function contains a stack overflow vulnerability when filename->ptr is being copied to path without verifying that filename->slen (the filename size) is at most path’s allocated size, which is PJ_MAXPATH (260). Therefore, passing a filename longer than 260 characters will cause a stack overflow.
No PoC is supplied for this vulnerability.
No mitigations are provided for this vulnerability.
In order to fully fix this vulnerability, we recommend upgrading PJSIP to version 2.12.
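
The unchecked copy described above, next to a length-checked form, as an added example that is not PJSIP's own code or its 2.12 patch. str_t, MAXPATH, copy_unchecked, copy_checked and try_length are hypothetical stand-ins for the counted string (ptr, slen), PJ_MAXPATH and the copy inside pjsua_player_create; the test names are constructed.

```c
#include <stddef.h>
#include <string.h>

#define MAXPATH 260   /* stand-in for PJ_MAXPATH (260 per the advisory) */

/* Stand-in for the counted string the advisory refers to (ptr + slen). */
typedef struct { const char *ptr; ptrdiff_t slen; } str_t;

/* Pattern the advisory describes: slen is never compared with the size of
 * the destination, so a name longer than the buffer writes past path.
 * Shown for comparison only; nothing in this example calls it. */
void copy_unchecked(char path[MAXPATH], const str_t *filename)
{
    memcpy(path, filename->ptr, (size_t)filename->slen);
    path[filename->slen] = '\0';
}

/* Length-checked form: reject any name that cannot fit together with its
 * terminating NUL, and any negative length (slen is a signed type here).
 * Returns 0 on success, -1 when the name is rejected. */
int copy_checked(char path[MAXPATH], const str_t *filename)
{
    if (filename == NULL || filename->ptr == NULL)
        return -1;
    if (filename->slen < 0 || filename->slen >= MAXPATH)
        return -1;
    memcpy(path, filename->ptr, (size_t)filename->slen);
    path[filename->slen] = '\0';
    return 0;
}

/* Constructed input: run copy_checked on a name made of n 'A' bytes. */
int try_length(size_t n)
{
    static char name[1024];
    char path[MAXPATH];
    str_t s;
    if (n >= sizeof name)
        return -1;
    memset(name, 'A', n);
    s.ptr = name;
    s.slen = (ptrdiff_t)n;
    return copy_checked(path, &s);
}

int main(void)
{
    /* 259 bytes fit with the terminator; 260 and above are rejected. */
    return (try_length(259) == 0 && try_length(260) == -1) ? 0 : 1;
}
```

For deployments that cannot upgrade yet, the same bound can be enforced in the calling application before the filename reaches pjsua_player_create.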