CVE-2017-16872 – Debian Security Advisory 4170-1

https://notcve.org/view.php?id=CVE-2017-16872

17 Nov 2017 — An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values. Se ha descubierto un error en Teluu pjproject (pjlib y pjlib-util) en PJSIP, en versiones anteriores ... • https://trac.pjsip.org/repos/milestone/release-2.7.1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •