Stack overflow in PJLIB leads to remote code execution when invoking
pjsua_playlist_create with malicious input
PJLIB (, 2.1.11], fixed in 2.12
CVE-2021-43301 was found in
pjsua_playlist_create (OO wrapper -
AudioMediaPlayer::createPlaylist) which creates a file playlist media port and automatically adds the port to the conference bridge.
Attackers that can remotely control the contents of the
file_names argument of
pjsua_player_create may cause remote code execution.
This function contains a stack overflow vulnerability when the child function
pjmedia_wav_playlist_create is called. This function copies each file name from
filename without checking if its length is at most
PJ_MAXPATH (260). If the file name length is longer - the copy will overflow the filename variable and trigger a stack overflow.
No PoC is supplied for this vulnerability.
No mitigations are provided for this vulnerability.
In order to fully fix this vulnerability, we recommend upgrading PJSIP to version 2.12.
(JFrog) 5 New Vulnerabilities Discovered in PJSIP Open Source Library