CVE-2022-24764 in PJSIP

Summary

by MITRE • 03/22/2022

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print()`, `pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.

Analysis

by VulDB Data Team • 05/05/2026

The vulnerability CVE-2022-24764 represents a critical stack buffer overflow in the PJSIP multimedia communication library, specifically impacting versions 2.12 and earlier. This issue stems from improper input validation within the SDP (Session Description Protocol) parsing functionality, which is fundamental to multimedia communication systems. The vulnerability manifests when applications utilize the PJSUA2 API or directly invoke the `pjmedia_sdp_print()` and `pjmedia_sdp_media_print()` functions, which are responsible for serializing SDP descriptions into printable formats. The flaw occurs during the processing of malformed or specially crafted SDP data structures that exceed the allocated buffer boundaries, creating potential exploitation vectors for remote attackers.

The technical implementation of this vulnerability resides in the memory management practices of the PJSIP library's SDP handling components. When the `pjmedia_sdp_print()` and `pjmedia_sdp_media_print()` functions process SDP data, they fail to properly validate the length of input parameters or the size of nested structures within the SDP description. This lack of bounds checking allows an attacker to craft malicious SDP content that triggers a stack-based buffer overflow condition. The vulnerability is classified under CWE-121 Stack-based Buffer Overflow, which is a well-established category of memory safety issues that can lead to arbitrary code execution. The attack surface is specifically limited to applications that directly interact with these API functions, making the impact more contained but still significant for affected systems.
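The bounds checking described above, shown for a serializer that writes an SDP `m=` line into a caller-supplied buffer. This is an added illustration, not PJSIP's code and not the upstream patch; `media_desc`, `append` and `print_media` are hypothetical names, and the values in `main` are constructed.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical simplified media description; not PJSIP's pjmedia_sdp_media. */
struct media_desc {
    const char *type, *proto;   /* e.g. "audio", "RTP/AVP" */
    unsigned port;
    const char *fmt[8];         /* format strings taken from the remote SDP */
    unsigned fmt_count;
};

/* Copy len bytes to buf[*pos] only if they fit with room for the NUL. */
static int append(char *buf, size_t size, size_t *pos, const char *src, size_t len)
{
    if (*pos >= size || len >= size - *pos)
        return -1;              /* this piece would overrun: refuse it */
    memcpy(buf + *pos, src, len);
    *pos += len;
    buf[*pos] = '\0';
    return 0;
}

/* Write "m=<type> <port> <proto> <fmt>...\r\n"; return length or -1 if too small. */
int print_media(const struct media_desc *m, char *buf, size_t size)
{
    char num[16];
    size_t pos = 0;
    int n = snprintf(num, sizeof num, " %u ", m->port);
    if (n < 0 || (size_t)n >= sizeof num)
        return -1;
    if (append(buf, size, &pos, "m=", 2) ||
        append(buf, size, &pos, m->type, strlen(m->type)) ||
        append(buf, size, &pos, num, (size_t)n) ||
        append(buf, size, &pos, m->proto, strlen(m->proto)))
        return -1;
    for (unsigned i = 0; i < m->fmt_count && i < 8; i++)
        if (append(buf, size, &pos, " ", 1) ||
            append(buf, size, &pos, m->fmt[i], strlen(m->fmt[i])))
            return -1;
    if (append(buf, size, &pos, "\r\n", 2))
        return -1;
    return (int)pos;
}

int main(void)
{
    struct media_desc m = { "audio", "RTP/AVP", 4000, { "0", "8" }, 2 };  /* constructed */
    char small[16], big[64];
    printf("%d %d\n", print_media(&m, small, sizeof small), print_media(&m, big, sizeof big));
}
```

The caller must treat a negative return as a failure and discard the partially written buffer rather than send or log it.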

The operational impact of CVE-2022-24764 extends beyond simple denial of service scenarios, as it creates opportunities for remote code execution and system compromise. Attackers who can inject malicious SDP data into communication flows may exploit this vulnerability to execute arbitrary code on vulnerable systems, potentially leading to complete system takeover. This risk is particularly concerning given that PJSIP is widely used in VoIP systems, video conferencing applications, and other real-time communication platforms where SDP negotiation is fundamental. The vulnerability affects both server and client implementations that process SDP data, making it a potential target for man-in-the-middle attacks or malicious service providers who could exploit the flaw to gain unauthorized access to communication endpoints. The impact aligns with ATT&CK technique T1203, which describes exploitation of software vulnerabilities for privilege escalation and persistent access.

Organizations utilizing PJSIP versions 2.12 or earlier must implement immediate mitigation strategies to protect their communication infrastructure. The recommended approach involves upgrading to the patched version available in the `master` branch of the `pjsip/pjproject` GitHub repository, which addresses the buffer overflow through proper bounds checking and input validation mechanisms. System administrators should also consider implementing network segmentation and monitoring for unusual SDP data patterns that might indicate exploitation attempts. Additionally, defensive programming practices should be enforced in applications that integrate PJSIP, including input sanitization and proper error handling for SDP processing functions. The vulnerability demonstrates the importance of maintaining up-to-date communication libraries and implementing comprehensive security testing for multimedia applications that handle external data inputs. Organizations should also consider deploying intrusion detection systems that can identify potential exploitation attempts targeting this specific vulnerability pattern.

Responsible

GitHub, Inc.

Reservation

02/10/2022

Disclosure

03/22/2022

Moderation

accepted

CPE

ready

EPSS

0.02303

KEV

no

Activities

low
