CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24763 – Infinite Loop in PJSIP
https://notcve.org/view.php?id=CVE-2022-24763
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds. PJSIP es una biblioteca de comunicación multimedia gratuita y de código abierto escrita en lenguaje C. • https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21 https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4 https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html https://security.gentoo.org/glsa/202210-37 https://www.debian.org/security/2022/dsa-5285 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2003
https://notcve.org/view.php?id=CVE-2015-2003
The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. PJSIP PJSUA2 SDK, en versiones anteriores a SVN Changeset 51322 para Android, podría permitir que atacantes ejecuten código arbitrario aprovechando un método "finalize" en una clase "Serializable" que pasa indebidamente un puntero controlado por el atacante a una función nativa. • https://alephsecurity.com/vulns/aleph-2015004 https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf • CWE-118: Incorrect Access of Indexable Resource ('Range Error') •