JFrog Security Research

XRAY-198026 - PJLIB pjsua_playlist_create RCE

CVE-2021-43301 | CVSS 8.1

JFrog Severity: high

Discovered by Uriya Yavnieli of the JFrog Security Research Team

Published 1 Mar, 2022 | Last updated 1 Mar, 2022

Stack overflow in PJLIB leads to remote code execution when invoking pjsua_playlist_create with malicious input

PJLIB

PJLIB (, 2.1.11], fixed in 2.12

CVE-2021-43301 was found in pjsua_playlist_create (OO wrapper - AudioMediaPlayer::createPlaylist) which creates a file playlist media port and automatically adds the port to the conference bridge.

Attackers that can remotely control the contents of the file_names argument of pjsua_player_create may cause remote code execution.

This function contains a stack overflow vulnerability that is triggered when the child function pjmedia_wav_playlist_create is called. The child function copies each file name from file_list to filename without checking that its length is at most PJ_MAXPATH (260). If a file name is longer, the copy overflows the filename variable and triggers a stack overflow.
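The missing length check described above, as an added C example; this is not PJSIP's code and not the project's actual patch. The names str_view, copy_playlist_name, first_rejected_entry and the NAME_* codes are hypothetical, and the example assumes one byte of the PJ_MAXPATH buffer is reserved for a terminating NUL.

```c
#include <stddef.h>
#include <string.h>

#define PJ_MAXPATH 260  /* limit quoted in the advisory */

/* Hypothetical stand-in for a counted string that is not NUL-terminated. */
typedef struct { const char *ptr; ptrdiff_t slen; } str_view;

enum { NAME_OK = 0, NAME_INVALID = -1, NAME_TOO_LONG = -2 };

/* Copy one playlist entry into a PJ_MAXPATH-sized buffer.
 * Without the length test below, the memcpy and terminator write past
 * the end of filename as soon as slen >= PJ_MAXPATH. */
static int copy_playlist_name(char filename[PJ_MAXPATH], const str_view *src)
{
    if (src == NULL || src->ptr == NULL || src->slen < 0)
        return NAME_INVALID;
    if ((size_t)src->slen >= PJ_MAXPATH)  /* keep one byte for the NUL */
        return NAME_TOO_LONG;
    memcpy(filename, src->ptr, (size_t)src->slen);
    filename[src->slen] = '\0';
    return NAME_OK;
}

/* Index of the first entry that is rejected, or -1 if every entry fits. */
static int first_rejected_entry(const str_view *file_list, size_t count)
{
    char filename[PJ_MAXPATH];
    for (size_t i = 0; i < count; i++)
        if (copy_playlist_name(filename, &file_list[i]) != NAME_OK)
            return (int)i;
    return -1;
}

/* Constructed sample list: lengths 8, 259 (largest that fits) and 260. */
static int demo(void)
{
    static char long_name[PJ_MAXPATH];
    memset(long_name, 'a', sizeof long_name);
    str_view list[3] = {
        { "ring.wav", 8 },
        { long_name, PJ_MAXPATH - 1 },
        { long_name, PJ_MAXPATH },
    };
    return first_rejected_entry(list, 3);
}

int main(void) { return demo() == 2 ? 0 : 1; }
```

Callers that cannot upgrade immediately can apply the same per-entry length test to untrusted file names before handing them to the playlist API.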

No PoC is supplied for this vulnerability.

No mitigations are provided for this vulnerability.

In order to fully fix this vulnerability, we recommend upgrading PJSIP to version 2.12.

(JFrog) 5 New Vulnerabilities Discovered in PJSIP Open Source Library

NVD
