VDB

CVE-2025-65102

CVE-2025-65102 PUBLISHED CVSS 8.699999809265137 HIGH

PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is based on stream ptime, may be less than that. This issue affects PJSIP users who use the Opus audio codec in receiving direction. The vulnerability can lead to unexpected application termination due to a memory overwrite. This issue has been patched in version 2.16.

EPSS 0.06% · 19.1th percentile

Risk Scores

CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.06%
19.1th percentile

Affected Products

VendorProductVersions
pjsippjproject< 2.16

Exploit Intelligence

Timeline

  • Nov 21, 2025 CVE Published
  • Nov 21, 2025 CVE Updated
  • Nov 22, 2025 EPSS Score
  • Nov 27, 2025 EPSS Score
  • Dec 2, 2025 EPSS Score
  • Dec 6, 2025 EPSS Score
  • Dec 11, 2025 EPSS Score
  • Dec 16, 2025 EPSS Score
  • Dec 21, 2025 EPSS Score
  • Dec 26, 2025 EPSS Score
  • Dec 30, 2025 EPSS Score
  • Jan 4, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›