Source: asterisk
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security

Hi,

The following vulnerability was published for asterisk.

CVE-2025-65102[0]:
| PJSIP is a free and open source multimedia communication library.
| Prior to version 2.16, Opus PLC may zero-fill the input frame as
| long as the decoder ptime, while the input frame length, which is
| based on stream ptime, may be less than that. This issue affects
| PJSIP users who use the Opus audio codec in receiving direction. The
| vulnerability can lead to unexpected application termination due to
| a memory overwrite. This issue has been patched in version 2.16.

https://github.com/pjsip/pjproject/security/advisories/GHSA-w5vr-39x7-h8g5
https://github.com/pjsip/pjproject/commit/6e9bd2e7d25bba26f852771b40693f45da14fa8f

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-65102
    https://www.cve.org/CVERecord?id=CVE-2025-65102

Please adjust the affected versions in the BTS as needed.
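The length mismatch described in the CVE text, modelled as an added illustration that is not part of the original report and is not PJSIP's code or its upstream patch. The function names, the 48 kHz rate and the 10 ms / 20 ms ptimes are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes in one mono 16-bit PCM frame lasting ptime_ms milliseconds. */
size_t frame_bytes(unsigned clock_rate, unsigned ptime_ms)
{
    return (size_t)clock_rate * ptime_ms / 1000 * sizeof(short);
}

/* Pattern from the description: fill length taken from the decoder ptime,
 * never compared with the size of the frame being filled. Not called here. */
void plc_fill_unchecked(void *frame, unsigned clock_rate, unsigned dec_ptime_ms)
{
    memset(frame, 0, frame_bytes(clock_rate, dec_ptime_ms));
}

/* Bounded form: zero at most frame_cap bytes; returns the bytes zeroed. */
size_t plc_fill_bounded(void *frame, size_t frame_cap, unsigned clock_rate, unsigned dec_ptime_ms)
{
    size_t want = frame_bytes(clock_rate, dec_ptime_ms);
    size_t n = want < frame_cap ? want : frame_cap;
    memset(frame, 0, n);
    return n;
}

/* Bytes the unchecked form would write past a frame of frame_cap bytes. */
size_t plc_overrun(size_t frame_cap, unsigned clock_rate, unsigned dec_ptime_ms)
{
    size_t want = frame_bytes(clock_rate, dec_ptime_ms);
    return want > frame_cap ? want - frame_cap : 0;
}

/* Constructed case: frame sized for a 10 ms stream ptime, decoder ptime 20 ms.
 * The guard word stands in for adjacent memory; returns 1 if it is untouched. */
int guard_survives_bounded_fill(void)
{
    struct { short frame[480]; unsigned guard; } m;
    m.guard = 0xA5A5A5A5u;
    memset(m.frame, 0x7f, sizeof m.frame);
    size_t n = plc_fill_bounded(m.frame, sizeof m.frame, 48000, 20);
    return n == sizeof m.frame && m.guard == 0xA5A5A5A5u && m.frame[479] == 0;
}

int main(void)
{
    printf("overrun=%zu guard_ok=%d\n", plc_overrun(960, 48000, 20), guard_survives_bounded_fill());
    return 0;
}
```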
