PT-2026-23655 · Pjsip · Pjsip
Mfroeschl
·
Published
2026-03-06
·
Updated
2026-03-11
·
CVE-2026-29068
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
PJSIP versions prior to 2.17
Description
PJSIP is a multimedia communication library written in C. A stack buffer overflow exists in the Opus codec parser when processing RTP payloads containing more frames than the allocated buffer can handle. This issue could allow attackers to crash applications or potentially execute code. No authentication is required to exploit this issue.
Recommendations
Upgrade to version 2.17 or later.
Exploit
Fix
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pjsip