The new fuzz-video fuzzer has identified a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bitstreams without NAL unit start codes, where the packetizer performs unchecked pointer arithmetic that can read from memory located before the allocated buffer.
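As an added illustration (not PJSIP's code or the patched packetizer), the following bounds-checked Annex-B NAL unit splitter shows the defensive shape such a packetizer needs: every start-code lookup is guarded by the buffer length, and a bitstream that carries no start code at all is rejected rather than treated as if one preceded the buffer. The function names and the sample stream are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* One NAL unit located inside an Annex-B buffer (payload only). */
typedef struct {
    size_t offset;   /* index of the first payload byte */
    size_t length;   /* payload length in bytes */
} nal_span_t;

/* Bounds-checked search for the next start code (00 00 01 or 00 00 00 01)
 * at or after `from`. Every byte access is guarded by `len`, so the scan
 * never reads before buf or past buf + len. Returns 1 on success. */
static int find_start_code(const uint8_t *buf, size_t len, size_t from,
                           size_t *sc_pos, size_t *sc_len)
{
    for (size_t i = from; i + 3 <= len; i++) {
        if (buf[i] != 0 || buf[i + 1] != 0)
            continue;
        if (buf[i + 2] == 1) { *sc_pos = i; *sc_len = 3; return 1; }
        if (i + 4 <= len && buf[i + 2] == 0 && buf[i + 3] == 1) {
            *sc_pos = i; *sc_len = 4; return 1;
        }
    }
    return 0;
}

/* Splits an Annex-B bitstream into NAL unit payloads. A buffer with no
 * start code is an error (-1): the code never assumes a start code sits
 * in front of the data. Bytes before the first start code are skipped,
 * empty NAL units are dropped, and trailing zero bytes stay attached to
 * the preceding payload. Returns the number of spans written (<= max_out). */
static int split_nal_units(const uint8_t *buf, size_t len,
                           nal_span_t *out, size_t max_out)
{
    size_t sc_pos, sc_len, count = 0;
    if (!find_start_code(buf, len, 0, &sc_pos, &sc_len))
        return -1;
    while (count < max_out) {
        size_t start = sc_pos + sc_len;       /* first payload byte */
        size_t next_pos = 0, next_len = 0;
        int more = find_start_code(buf, len, start, &next_pos, &next_len);
        size_t end = more ? next_pos : len;
        if (end > start) {
            out[count].offset = start;
            out[count].length = end - start;
            count++;
        }
        if (!more)
            break;
        sc_pos = next_pos; sc_len = next_len;
    }
    return (int)count;
}
```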
Impact
This vulnerability affects applications that send video using H.264 with a packetization mode other than single NAL. This leads to a heap-use-after-free condition, causing unexpected application termination.
Patches
The patch is available as commit 5aee54f in the master branch.