
JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP – A Popular Multimedia Library

Blog post from JFrog

Author: Uriya Yavniely
Word Count: 1,122
Language: English
Summary

JFrog's Security Research team uncovered five security vulnerabilities in PJSIP, an open-source multimedia communication library used by applications like WhatsApp and Asterisk. The vulnerabilities, which include stack overflows and buffer overflows, can lead to arbitrary code execution or denial of service when exploited. The affected functions include pjsua_player_create, pjsua_recorder_create, pjsua_playlist_create, and pjsua_call_dump; the risk depends on an application passing attacker-controlled arguments to these functions. JFrog disclosed the vulnerabilities to PJSIP's maintainers and has not identified any specific vulnerable applications. Users are advised to upgrade to PJSIP version 2.12 to address these issues, and JFrog's Xray SCA tool provides automated security scanning to identify such vulnerabilities.