Memory Overwrite Vulnerability in PJSIP Affecting Opus Audio Codec
CVE-2025-65102

8.7HIGH

Key Information:

Vendor: Pjsip
Status: Pjproject
Vendor: CVE Published:; 21 November 2025

What is CVE-2025-65102?

A vulnerability exists in PJSIP, a widely used multimedia communication library, where improper handling of the Opus audio codec can lead to a memory overwrite. Specifically, when processing audio streams, the decoder's ptime may conflict with varying input frame lengths, resulting in the potential zero-filling of input frames. This can cause unexpected application termination, posing a significant risk to users relying on the Opus codec for audio transmission. The issue has been addressed in version 2.16 of PJSIP, and users are strongly encouraged to update to this version to mitigate any security risks.

Affected Version(s)

pjproject < 2.16

References

https://github.com/pjsip/pjproject/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/pjsip/pjproject/commit/6e9bd2e7d25bba2...

x_refsource_MISC

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2025
Vulnerability Reserved
Nov 17, 2025

JSON

Pjsip

What is CVE-2025-65102?

Affected Version(s)

References

CVSS V4

Timeline