Search for vulnerabilities
Vulnerability details: VCID-jgp1-nkv2-aaaj
Vulnerability ID VCID-jgp1-nkv2-aaaj
Aliases CVE-2022-24792
Summary PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
System Score Found at
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00237 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00334 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00334 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00334 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00334 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00334 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00334 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00396 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00537 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00849 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00849 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00849 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
epss 0.00966 https://api.first.org/data/v1/epss?cve=CVE-2022-24792
cvssv3.1 7.5 https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
ssvc Track https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
cvssv3.1 7.5 https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799
ssvc Track https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
ssvc Track https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
ssvc Track https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24792
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24792
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24792
cvssv3.1 7.5 https://security.gentoo.org/glsa/202210-37
ssvc Track https://security.gentoo.org/glsa/202210-37
cvssv3.1 7.5 https://www.debian.org/security/2022/dsa-5285
ssvc Track https://www.debian.org/security/2022/dsa-5285
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-24792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799
https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
https://security.gentoo.org/glsa/202210-37
https://www.debian.org/security/2022/dsa-5285
1014976 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:x86:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:x86:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2022-24792 https://nvd.nist.gov/vuln/detail/CVE-2022-24792
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/ Found at https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/ Found at https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/ Found at https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/ Found at https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24792
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24792
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24792
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202210-37
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/ Found at https://security.gentoo.org/glsa/202210-37
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2022/dsa-5285
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/ Found at https://www.debian.org/security/2022/dsa-5285
Exploit Prediction Scoring System (EPSS)
Percentile 0.43479
EPSS Score 0.00208
Published At May 11, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.