The fuzz-video fuzzer has identified a critical heap buffer overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL unit size field without validating that both bytes are within the payload buffer bounds.
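The bounds check described above, as an added example that is not PJSIP's code or the referenced patch: a stand-alone walk over size-prefixed NAL units that confirms both bytes of each 2-byte size field lie inside the payload before reading them. The function name, the RFC 6184 STAP-A style layout and the sample payloads are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper (not a PJSIP function): walk a run of
 * [2-byte big-endian size][NAL unit] records, the layout assumed here
 * from RFC 6184 STAP-A payloads after their 1-byte header.
 * Returns the number of NAL units found, or -1 if a size field or a
 * NAL unit would extend past the end of the buffer. */
int count_sized_nal_units(const uint8_t *buf, size_t len)
{
    const uint8_t *p = buf;
    const uint8_t *end = buf + len;
    int count = 0;

    while (p < end) {
        size_t nal_size;

        /* Both bytes of the size field must be inside the payload.
         * Testing only p < end still allows a 1-byte over-read at p[1]. */
        if ((size_t)(end - p) < 2)
            return -1;
        nal_size = ((size_t)p[0] << 8) | p[1];
        p += 2;

        /* The declared NAL unit must fit in what remains; a zero-length
         * unit is treated as malformed in this example. */
        if (nal_size == 0 || nal_size > (size_t)(end - p))
            return -1;
        p += nal_size;
        count++;
    }
    return count;
}

/* Constructed sample payloads (not captured traffic). */
static const uint8_t sample_ok[] = { 0x00, 0x02, 0x67, 0x42, 0x00, 0x01, 0x68 };
static const uint8_t sample_truncated_size[] = { 0x00, 0x02, 0x67, 0x42, 0x00 };
static const uint8_t sample_oversized[] = { 0x00, 0x05, 0x67, 0x42 };

int main(void)
{
    int ok = count_sized_nal_units(sample_ok, sizeof sample_ok) == 2;
    int ts = count_sized_nal_units(sample_truncated_size,
                                   sizeof sample_truncated_size) == -1;
    int ov = count_sized_nal_units(sample_oversized, sizeof sample_oversized) == -1;
    return (ok && ts && ov) ? 0 : 1;
}
```

The `sample_truncated_size` case is the one the advisory describes: one byte of a size field remains in the payload and the second would be read from beyond it.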
Impact
This vulnerability affects applications that receive video using H.264.
Patches
The patch is available as commit f821c21 in the master branch.