CVE-2026-35203

Name of the Vulnerable Software and Affected Versions ZLMediaKit (affected versions not specified)

Description The software is a streaming media service framework. The VP9 RTP payload parser in ext-codec/VP9Rtp.cpp improperly handles RTP payloads, specifically failing to verify sufficient data exists in the buffer before reading multiple fields based on flag bits in the first byte. A crafted VP9 RTP packet with a 1-byte payload can trigger a heap-buffer-overflow due to reading past the end of the allocated buffer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.