Tag Archives: VoIP

Buffer overflow in PJSIP, a VoIP open source library

Hi all, I am Youngsung Kim (Facebook, Twitter) of the Application Security team at LINE and am in charge of evaluating security of LINE services. On this post, I’d like to share a vulnerability (CVE-2017-16872, AST-2017-009) of PJSIP, a VoIP open source library. PJSIP is a multimedia communication library based on the following standard protocols; SIP, SDP, RTP, STUN, TURN, and ICE. The Asterisk framework, widely used on IP-PBX and VoPI gateway has an SIP stack implemented based on PJSIP.

The cause of the vulnerability was due to incautiousness about sign extension for Integers in the process of converting signed int to unsigned long when handling client’s SIP requests on 64-bit environment. There was no window to report the security issue to the PJSIP development teams, so I made my report to the Asterisk’s security page. Afterwards, I’ve consulted with George Joseph, an engineer at Asterisk, and the patch (PJSIP patch, Asterisk patch) has been applied on the pjproject v2.7.1. I’d like to express my gratitude to George for processing the patch.

LINE Group Call – Conference calls with up to 200 people

Hello, my name is Park Jungjun and I am currently developing the LINE Group Call feature.

One of LINE’s goals in development is Closing the Distance. To make this come true, LINE develops many different conversation services. On this LINE Engineering Blog post, I would like to introduce you to the features and technologies of one of our conversation services, LINE Group Call.

LINE Group Call – Make voice calls with up to 200 people simultaneously

LINE Group Call lets users have conference calls with up to 200 people simultaneously. Calls are made right from the LINE app. LINE Group Call was first released on March, 2016 with a voice call feature. By December, a video call feature was added to LINE Group Call. Using LINE Group Call, LINE users can make voice and video calls with their friends anywhere in the world for free.

To use LINE Group Call, the following versions of LINE or above must be installed on your device.

  • LINE Group Voice Call: LINE iOS 5.11.0 or above, LINE Android 5.11.0 or above, LINE Desktop (Windows/macOS) 4.5.0 or above.
  • LINE Group Video Call: LINE iOS 6.9 or above, LINE Android 6.9.2 or above, LINE Desktop (Windows) 5.0.0 or above.