PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on 32-bit systems that use PJSIP version 2.12 or earlier to play or read invalid WAV files. The vulnerability occurs when reading WAV file data chunks whose length does not fit in a 31-bit integer. It does not affect 64-bit apps and should not affect apps that only play trusted WAV files. A patch is available on the master branch of the pjsip/pjproject GitHub repository. As a workaround, apps can reject WAV files received from an unknown source or validate the file first.
{ "vanir_signatures": [ { "id": "CVE-2022-24792-05d03dc8", "digest": { "length": 414.0, "function_hash": "60263120204433072670714257998056589016" }, "signature_type": "Function", "deprecated": false, "target": { "file": "pjlib/src/pj/file_io_ansi.c", "function": "pj_file_setpos" }, "signature_version": "v1", "source": "https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213" }, { "id": "CVE-2022-24792-2910d008", "digest": { "line_hashes": [ "330035909719240070606511319648916553562", "327063039077951057725531642848580530494", "96314009225904133892911132259951526981", "174385902580228764356073450683989070702", "283960523058742036860128908610764741340", "101761635976506361732485310898882079329", "149651238927050752326508464797219351725", "186690466209121416861604510917047369574", "84496458848488717437003618598429422733", "90103410702752932775749928662754971312", "235602112393539942855418670861770764311", "11825329704778565315480468944854869115", "307265511734168193014654849123086169965", "170362113308601653857167239192159649050", "259586377455386887778648358261562683180", "281374355349652618476601907775253284879", "191766905732308411324625206673384893657", "109739764826957131342270461013472165867", "82493775720406639430499858732133614664", "266985302559214236578162068390621897245", "242713667067726800469679543957380878743", "248322234928671032424539694980005080202", "71843235138694245016537495454054010844", "40969617158878647033487161020536736222", "187316605705469093594424539171823058778" ], "threshold": 0.9 }, "signature_type": "Line", "deprecated": false, "target": { "file": "pjmedia/src/pjmedia/avi_player.c" }, "signature_version": "v1", "source": "https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213" }, { "id": "CVE-2022-24792-3432355f", "digest": { "length": 4341.0, "function_hash": "311678921704441876877067354656706562022" }, "signature_type": "Function", "deprecated": false, "target": { "file": 
"pjmedia/src/pjmedia/wav_player.c", "function": "pjmedia_wav_player_port_create" }, "signature_version": "v1", "source": "https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213" }, { "id": "CVE-2022-24792-771a7ed4", "digest": { "length": 7551.0, "function_hash": "88009946889954725590188535546192931756" }, "signature_type": "Function", "deprecated": false, "target": { "file": "pjmedia/src/pjmedia/avi_player.c", "function": "pjmedia_avi_player_create_streams" }, "signature_version": "v1", "source": "https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213" }, { "id": "CVE-2022-24792-7ad1555c", "digest": { "line_hashes": [ "234780605003106432861759692764117140651", "177792145055221609529693096204886089962", "155994475192612508591847130549820829912", "266635302091591995785029034784720283949", "219965592252872759197873819599973170915", "147289216440791585185550891671924294729", "216444719378403846082658826372578205277", "39316611166668126294058636503084823282", "237588676947409836218373790383822157839", "224504939714208979918400099258740334412", "255298923284740055903661691793161706318", "55457058224990970764372760986186692383", "323706679054757690462794396779644228660", "210976495118491751050384602728845790266", "172051875035855707750019585346942383979", "92424731445195119019599099283851365176" ], "threshold": 0.9 }, "signature_type": "Line", "deprecated": false, "target": { "file": "pjmedia/src/pjmedia/wav_playlist.c" }, "signature_version": "v1", "source": "https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213" }, { "id": "CVE-2022-24792-7fd5bb26", "digest": { "line_hashes": [ "265914092897662268786890147923750454382", "2550956571299987187987251958021663469", "275946985500384516839748078367936704995", "224142126886732827707322969507471068260", "221730388363705272033727877137633997309" ], "threshold": 0.9 }, "signature_type": "Line", "deprecated": false, "target": { "file": 
"pjlib/include/pj/types.h" }, "signature_version": "v1", "source": "https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213" }, { "id": "CVE-2022-24792-a367fa86", "digest": { "line_hashes": [ "140213847486433063987625072011277509564", "19275338327713763574775720682520264063", "241391874304712850443472948253365473099", "11019159423132371261805469580261503269", "100095325496756335945068429285304604102", "143793305705152029965327918096600892811" ], "threshold": 0.9 }, "signature_type": "Line", "deprecated": false, "target": { "file": "pjlib/src/pj/file_io_ansi.c" }, "signature_version": "v1", "source": "https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213" }, { "id": "CVE-2022-24792-a88bea6f", "digest": { "length": 5383.0, "function_hash": "257206886943690643904865102001879039864" }, "signature_type": "Function", "deprecated": false, "target": { "file": "pjmedia/src/pjmedia/avi_player.c", "function": "avi_get_frame" }, "signature_version": "v1", "source": "https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213" }, { "id": "CVE-2022-24792-eee248d6", "digest": { "length": 5998.0, "function_hash": "319945198955750161944630612627635229115" }, "signature_type": "Function", "deprecated": false, "target": { "file": "pjmedia/src/pjmedia/wav_playlist.c", "function": "pjmedia_wav_playlist_create" }, "signature_version": "v1", "source": "https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213" }, { "id": "CVE-2022-24792-f818c77a", "digest": { "line_hashes": [ "148851357336189296134397496263155529356", "221898535019962582624255516917921757816", "266877716697532895840617714338187228640", "193820012315010988805755086199644990652", "196502481766597944144747858118964587864", "55555532733740701633646994666800368829", "113795981307509510680315839610312524430", "261176306718789661389230379725753154652", "72488589988798473927171880718836550798", 
"174650650864873452085684182806477980834", "62838455024593073927578117288798784677", "102421962031597708572588513053544625650", "309958392742816604085104047263412469274", "211528842485790957103416568410648229808", "54616906274186259894320273291752643766", "1507375392125749025754772986503779534" ], "threshold": 0.9 }, "signature_type": "Line", "deprecated": false, "target": { "file": "pjmedia/src/pjmedia/wav_player.c" }, "signature_version": "v1", "source": "https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213" } ] }