PT-2026-29286 · Debian+3 · Asterisk+2

Sauwming · Published 2026-03-31 · Updated 2026-04-04 · CVE-2026-34235

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

PJSIP versions prior to 2.17

Description

A heap out-of-bounds read exists in the VP9 RTP unpacketizer when parsing crafted VP9 Scalability Structure (SS) data. This occurs due to insufficient bounds checking on the payload descriptor length, which may lead to reads beyond the allocated RTP payload buffer.

Recommendations

Update to version 2.17. As a temporary workaround, disable the VP9 codec if it is not required.
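The kind of bounds check the description refers to, as an added example that is not PJSIP's code or its patch: a length calculation for the Scalability Structure that verifies each field against the remaining payload before reading it. The field layout is taken from the VP9 RTP payload format (RFC 9628); the function name `vp9_ss_length` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not PJSIP code). Returns the byte length of a VP9
 * Scalability Structure starting at p, or -1 if any field would extend past
 * the len bytes that remain in the RTP payload. Layout per RFC 9628. */
long vp9_ss_length(const uint8_t *p, size_t len)
{
    size_t off = 0;

    if (len < 1) return -1;                      /* N_S|Y|G header byte */
    size_t n_layers = (size_t)(p[0] >> 5) + 1;   /* N_S + 1 spatial layers */
    int has_res = (p[0] & 0x10) != 0;            /* Y: width/height per layer */
    int has_pg  = (p[0] & 0x08) != 0;            /* G: picture group follows */
    off = 1;

    if (has_res) {
        size_t need = n_layers * 4;              /* 16-bit width + height */
        if (len - off < need) return -1;
        off += need;
    }
    if (has_pg) {
        if (len - off < 1) return -1;            /* N_G count byte */
        unsigned n_g = p[off++];
        for (unsigned i = 0; i < n_g; i++) {
            if (len - off < 1) return -1;        /* TID|U|R byte */
            size_t r = (p[off++] >> 2) & 0x3;    /* R = number of P_DIFFs */
            if (len - off < r) return -1;
            off += r;
        }
    }
    return (long)off;
}

/* Constructed sample inputs, not captured traffic. */
const uint8_t SS_OK[] = { 0x38, 0x01, 0x40, 0x00, 0xF0, 0x02, 0x80, 0x01, 0xE0,
                          0x01, 0x04, 0x01 };    /* 2 layers, N_G=1, R=1 */
const uint8_t SS_SHORT_RES[] = { 0x38, 0x01, 0x40, 0x00, 0xF0 };
const uint8_t SS_SHORT_PG[]  = { 0x08, 0xFF, 0x0C };  /* N_G=255, R=3, no data */

int main(void)
{
    printf("%ld %ld %ld\n", vp9_ss_length(SS_OK, sizeof SS_OK),
           vp9_ss_length(SS_SHORT_RES, sizeof SS_SHORT_RES),
           vp9_ss_length(SS_SHORT_PG, sizeof SS_SHORT_PG));
    return 0;
}
```

A caller would treat a return of -1 as a malformed packet and drop it before reading any further into the payload.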

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-34235

Affected Products

Asterisk
Pjproject
Pjsip