PT-2026-26586 · Pjsip · Pjsip

Sauwming · Published 2026-03-20 · Updated 2026-03-22 · CVE-2026-33069

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PJSIP versions 2.16 and below

Description

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a cascading out-of-bounds heap read in the pjsip_multipart_parse() function. After boundary string matching, the curptr variable is advanced past the delimiter without verifying it has not reached the buffer end, allowing 1-2 bytes of adjacent heap memory to be read. All applications that process incoming SIP messages with multipart bodies or SDP content are potentially affected.

Recommendations

Upgrade to version 2.17.
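
The kind of end-of-buffer check the description says was missing, shown as an added C example. It is not PJSIP's code and not the project's fix: classify_delimiter, classify and delim_kind are hypothetical names, the delimiter handling is a simplified model of multipart parsing, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* What follows a matched "--boundary" string in a multipart body. */
enum delim_kind { DELIM_MALFORMED, DELIM_NEXT_PART, DELIM_CLOSING };

/* Hypothetical helper (not PJSIP code). cur points at a candidate delimiter,
 * end is one past the last body byte. On success *next is the first byte
 * after the delimiter line. */
static enum delim_kind classify_delimiter(const char *cur, const char *end,
                                          const char *boundary,
                                          const char **next)
{
    size_t blen = strlen(boundary);

    *next = end;
    /* Room for "--" plus the boundary must exist before comparing. */
    if ((size_t)(end - cur) < blen + 2 || memcmp(cur, "--", 2) != 0 ||
        memcmp(cur + 2, boundary, blen) != 0)
        return DELIM_MALFORMED;
    cur += blen + 2;

    /* cur may now equal end: every look-ahead byte is checked against
     * end before it is read. */
    if (end - cur >= 2 && cur[0] == '-' && cur[1] == '-') {
        *next = cur + 2;
        return DELIM_CLOSING;
    }
    if (cur < end && *cur == '\r')
        ++cur;
    if (cur < end && *cur == '\n') {   /* bare LF accepted leniently */
        *next = cur + 1;
        return DELIM_NEXT_PART;
    }
    return DELIM_MALFORMED;   /* truncated or garbage after the boundary */
}

/* Convenience wrapper for a buffer given as pointer + length. */
static enum delim_kind classify(const char *buf, size_t len, const char *b)
{
    const char *next;
    return classify_delimiter(buf, buf + len, b, &next);
}

int main(void)
{
    /* Constructed input: the body ends right after the boundary string. */
    printf("%d\n", classify("--abc", 5, "abc"));
    return 0;
}
```

A body that stops immediately after the boundary is reported as malformed instead of being read one or two bytes past its end.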

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-33069
GHSA-X5PQ-QRP4-FMRJ

Affected Products

Pjsip