Stack overflow in PJLIB leads to remote code execution when invoking pjsua_playlist_create with malicious input
PJLIB (, 2.1.11], fixed in 2.12
CVE-2021-43301 was found in pjsua_playlist_create (OO wrapper - AudioMediaPlayer::createPlaylist), which creates a file playlist media port and automatically adds the port to the conference bridge.
Attackers that can remotely control the contents of the file_names argument of pjsua_player_create may cause remote code execution.
This function contains a stack overflow vulnerability that is triggered when the child function pjmedia_wav_playlist_create is called. That function copies each file name into filename without checking that its length is at most PJ_MAXPATH (260). If a file name is longer, the copy overflows the filename variable and triggers a stack overflow.
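The missing length check described above, shown as an added example that is not PJSIP's own code. The name_t type and the copy_entry and first_oversized_entry helpers are hypothetical, the sample file names are constructed, and reserving one byte for a terminating NUL is this example's choice.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PJ_MAXPATH 260   /* value stated in the advisory */

/* Hypothetical stand-in for a counted (not NUL-terminated) string. */
typedef struct { const char *ptr; size_t slen; } name_t;

/*
 * Copy one playlist entry into a fixed PJ_MAXPATH buffer.
 * The unchecked pattern the advisory describes amounts to:
 *     memcpy(filename, name->ptr, name->slen);   // slen never bounded
 * Here the length is validated before the copy.
 * Returns 0 on success, -1 if the entry is rejected.
 */
static int copy_entry(char filename[PJ_MAXPATH], const name_t *name)
{
    if (name == NULL || name->ptr == NULL)
        return -1;
    if (name->slen >= PJ_MAXPATH)      /* keep one byte for the NUL */
        return -1;
    memcpy(filename, name->ptr, name->slen);
    filename[name->slen] = '\0';
    return 0;
}

/* Index of the first entry that does not fit, or -1 if every entry fits. */
int first_oversized_entry(const name_t *names, size_t count)
{
    char filename[PJ_MAXPATH];         /* same fixed-size stack buffer */
    for (size_t i = 0; i < count; i++) {
        if (copy_entry(filename, &names[i]) != 0)
            return (int)i;
    }
    return -1;
}

int main(void)
{
    static char big[300];              /* constructed over-long name */
    memset(big, 'A', sizeof big);
    name_t list[] = { {"intro.wav", 9}, {big, sizeof big} };
    printf("first rejected entry: %d\n", first_oversized_entry(list, 2));
    return 0;
}
```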
No PoC is supplied for this vulnerability.
No mitigations are provided for this vulnerability.
In order to fully fix this vulnerability, we recommend upgrading PJSIP to version 2.12.