CVE

CVE-2025-65102

PJSIP is vulnerable to buffer overflow in Opus PLC

CVE

CVE-2025-65102

PJSIP is vulnerable to buffer overflow in Opus PLC

PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is based on stream ptime, may be less than that. This issue affects PJSIP users who use the Opus audio codec in receiving direction. The vulnerability can lead to unexpected application termination due to a memory overwrite. This issue has been patched in version 2.16.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

8.7

4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Related Resources

No items found.

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/65xxx/CVE-2025-65102.json, https://github.com/pjsip/pjproject/commit/6e9bd2e7d25bba26f852771b40693f45da14fa8f, https://github.com/pjsip/pjproject/security/advisories/GHSA-w5vr-39x7-h8g5, https://nvd.nist.gov/vuln/detail/CVE-2025-65102

Severity

0

CVSS Score

Basic Information

Ecosystem

Base CVSS

EPSS Probability

0.0006%

EPSS Percentile

0.19082%

Introduced Version

Fix Available

6cab30cec44af36ba7c8a45ff7af2f74a8ed288c,2.16.0-r0

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2025-65102

CVE-2025-65102

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

0

Basic Information

Fix Critical Vulnerabilities Instantly