id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,backport_to_milestone,backported 2166,Possible buffer overread if RTCP packet length is invalid,ming,nanang,"If RTCP packet length is invalid (contains a large number), there is a potential buffer overread, which may lead to crash when parsing the packet. The problem is caused because when parsing, we pass the invalid length as the packet size in {{{pjmedia_rtcp_rx_rtcp() (rtcp.c)}}}, for example: {{{ len = (pj_ntohs((pj_uint16_t)common->length)+1) * 4; .... parse_rtcp_report(sess, p, len); }}} ",defect,closed,major,release-2.9,pjmedia,trunk,fixed,,,,0