PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This vulnerability is fixed in 2.17.
1:13.17.2~dfsg-1ubuntu11:13.17.2~dfsg-2ubuntu11:13.18.1~dfsg-1ubuntu11:13.18.3~dfsg-1ubuntu11:13.18.3~dfsg-1ubuntu21:13.18.3~dfsg-1ubuntu31:13.18.3~dfsg-1ubuntu41:16.2.1~dfsg-2build21:16.2.1~dfsg-2build31:16.2.1~dfsg-2ubuntu11:16.16.1~dfsg+~2.10-11:16.16.1~dfsg-21:16.16.1~dfsg-41:16.16.1~dfsg-4build11:18.10.0~dfsg+~cs6.10.40431411-21:20.4.0~dfsg+~cs6.13.40431414-21:20.5.0~dfsg+~cs6.13.40431414-11:20.5.1~dfsg+~cs6.13.40431414-11:20.5.2~dfsg+~cs6.13.40431414-11:20.6.0~dfsg+~cs6.13.40431414-11:20.6.0~dfsg+~cs6.13.40431414-21:20.6.0~dfsg+~cs6.13.40431414-2build31:20.6.0~dfsg+~cs6.13.40431414-2build41:20.6.0~dfsg+~cs6.13.40431414-2build51:22.2.0~dfsg+~cs6.15.60671435-21:22.3.0~dfsg+~cs6.15.60671435-11:22.4.1~dfsg+~cs6.15.60671435-11:22.4.1~dfsg+~cs6.15.60671435-21:22.5.1~dfsg+~cs6.15.60671435-11:22.5.2~dfsg+~cs6.15.60671435-11:22.5.2~dfsg+~cs6.15.60671435-11:13.1.0~dfsg-1.1ubuntu31:13.1.0~dfsg-1.1ubuntu41:13.1.0~dfsg-1.1ubuntu4.11:13.1.0~dfsg-1.1ubuntu4.1+esm12.1.0.0.ast20130823-12.1.0.0.ast20130823-1+deb8u1build0.16.04.12.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm12.6~dfsg-22.7.1~dfsg-12.7.1~dfsg-1build12.7.2~dfsg-12.7.2~dfsg-1ubuntu0.1~esm12.7~dfsg-1Exploitability
AV:NAC:LAT:NPR:NUI:NVulnerable System
VC:NVI:LVA:HSubsequent System
SC:NSI:NSA:NCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U