pjproject is vulnerable to out-of-bounds read and write. An attacker is able to cause out-of-bounds read/write via pjmedia_rtcp_fb_parse_rpsi
function, when parsing incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet.
github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508
github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q
lists.debian.org/debian-lts-announce/2022/11/msg00021.html
secdb.alpinelinux.org/edge/main.yaml
security.gentoo.org/glsa/202210-37
www.debian.org/security/2022/dsa-5285