PT-2026-20971 · Pjsip · Pjsip

Arthurscchan · Published 2026-02-20 · Updated 2026-02-20 · CVE-2026-26967

CVSS v4.0: 8.1 High
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

Name of the Vulnerable Software and Affected Versions
PJSIP versions 2.16 and below

Description
PJSIP, a multimedia communication library written in C, contains a Heap-based Buffer Overflow vulnerability in its H.264 unpacketizer. The issue arises when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL unit size field without verifying that both bytes are within the payload buffer boundaries. This affects applications receiving video using H.264. The vulnerability allows remote attackers to potentially crash applications or execute code without authentication.

Recommendations
Upgrade to version 2.17 or later.
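
The bounds check the description refers to, as an added C example; it is not PJSIP's code or its patch. It assumes the RFC 6184 STAP-A aggregation layout (a 1-byte header followed by [2-byte size][NAL unit] entries), and the function name and sample payloads are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NAL_TYPE_STAP_A 24   /* RFC 6184 aggregation packet type (assumed framing) */

/* Hypothetical helper, not a PJSIP function. Walks the payload and returns
 * the number of NAL units, or -1 if any size field or unit would extend
 * past the end of the buffer. */
int stap_a_count_units(const uint8_t *payload, size_t len)
{
    const uint8_t *p = payload, *end = payload + len;
    int units = 0;

    if (len < 1 || (payload[0] & 0x1F) != NAL_TYPE_STAP_A)
        return -1;
    p++;                                  /* skip the aggregation header */

    while (p < end) {
        /* Both bytes of the size field must lie inside the payload
         * before either one is read. */
        if ((size_t)(end - p) < 2)
            return -1;
        size_t nal_size = ((size_t)p[0] << 8) | p[1];
        p += 2;
        /* The declared size must fit in what remains; this example also
         * rejects empty units as malformed. */
        if (nal_size == 0 || nal_size > (size_t)(end - p))
            return -1;
        p += nal_size;                    /* a depacketizer would copy the unit here */
        units++;
    }
    return units;
}

/* Constructed sample payloads, not captured traffic. */
const uint8_t ok_pkt[]       = { 0x18, 0x00, 0x02, 0x67, 0x42, 0x00, 0x01, 0x68 };
const uint8_t dangling_pkt[] = { 0x18, 0x00, 0x02, 0x67, 0x42, 0x00 }; /* one size byte left */
const uint8_t oversize_pkt[] = { 0x18, 0x00, 0x09, 0x67, 0x42 };       /* size exceeds remainder */

int main(void)
{
    printf("ok=%d dangling=%d oversize=%d\n",
           stap_a_count_units(ok_pkt, sizeof ok_pkt),
           stap_a_count_units(dangling_pkt, sizeof dangling_pkt),
           stap_a_count_units(oversize_pkt, sizeof oversize_pkt));
    return 0;
}
```

The `dangling_pkt` case is the one the description singles out: a payload that ends with only one of the two size bytes present.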

Exploit

Fix

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-26967
GHSA-X2HC-6969-G8V6

Affected Products

Pjsip