CVE-2025-65102

Vulnerability Description

PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is based on stream ptime, may be less than that. This issue affects PJSIP users who use the Opus audio codec in receiving direction. The vulnerability can lead to unexpected application termination due to a memory overwrite. This issue has been patched in version 2.16.

Related Weaknesses (CWE)

References

• https://github.com/pjsip/pjproject/commit/6e9bd2e7d25bba26f852771b40693f45da14fa
• https://github.com/pjsip/pjproject/security/advisories/GHSA-w5vr-39x7-h8g5

FAQ

What is CVE-2025-65102?

CVE-2025-65102 is a documented vulnerability. PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is bas...

How severe is CVE-2025-65102?

CVSS scoring is not yet available for CVE-2025-65102. Check NVD for updates.

Is there a patch for CVE-2025-65102?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.