CVE-2025-65102 is a classic buffer overflow vulnerability classified under CWE-120, found in the pjproject component of the PJSIP open-source multimedia communication library. The issue specifically affects versions prior to 2.16 and involves the Opus audio codec's Packet Loss Concealment (PLC) feature during the receiving direction. The vulnerability occurs because the Opus PLC zero-fills the input frame based on the decoder's packet time (ptime), but the actual input frame length, which depends on the stream's ptime, may be shorter. This discrepancy leads to a buffer copy operation that does not properly check the size of the input buffer, resulting in a memory overwrite. The consequence is an unexpected application termination, which impacts the availability of the affected software. The vulnerability does not require any authentication or user interaction, and the attack vector is network-based, making it remotely exploitable. The CVSS 4.0 score of 8.7 reflects the high impact on availability and the ease of exploitation. Although no known exploits have been reported in the wild, the vulnerability poses a significant risk to systems using PJSIP with the Opus codec for real-time communications. The issue has been addressed and patched in version 2.16 of pjproject, and users are strongly advised to upgrade to this or later versions to mitigate the risk.

For European organizations, this vulnerability poses a substantial threat to the availability and reliability of real-time communication systems that utilize PJSIP with the Opus codec, such as VoIP services, video conferencing, and other multimedia communication platforms. Disruption caused by unexpected application termination can lead to denial-of-service conditions, impacting business operations, customer communications, and emergency response capabilities. Critical sectors including telecommunications, finance, healthcare, and government services that rely heavily on stable and secure communication channels are particularly vulnerable. The remote exploitability without authentication increases the risk of widespread attacks, potentially affecting large-scale deployments. Moreover, the memory corruption could be leveraged in more sophisticated attacks if combined with other vulnerabilities, although no such exploits are currently known. The impact extends to service providers and enterprises across Europe, especially those with extensive VoIP infrastructure or those integrating PJSIP in their communication stacks.

1. Immediate upgrade to pjproject version 2.16 or later, where the vulnerability is patched, is the most effective mitigation. 2. Conduct an inventory of all systems using PJSIP and identify those employing the Opus codec in the receiving direction. 3. Apply network-level protections such as intrusion detection/prevention systems (IDS/IPS) configured to monitor and block anomalous traffic targeting VoIP services. 4. Implement strict input validation and memory safety checks in any custom integrations or wrappers around PJSIP to prevent buffer overflows. 5. Employ segmentation and isolation of critical communication infrastructure to limit the blast radius of potential exploitation. 6. Monitor logs and system behavior for signs of unexpected application termination or crashes that could indicate exploitation attempts. 7. Engage with vendors and open-source communities to stay informed about patches and security advisories related to PJSIP and Opus codec. 8. Consider deploying application-layer firewalls that can inspect and filter malformed or suspicious RTP/Opus packets. 9. Regularly test and audit communication systems for vulnerabilities and resilience against buffer overflow attacks.