PT-2026-35059 · Pjsip · Pjsip
Published: 2026-04-24 · Updated: 2026-04-25 · CVE-2026-41416
CVSS v4.0: 8.1 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
PJSIP versions prior to 2.17
Description
An integer overflow occurs in the media stream buffer size calculation when processing a Session Description Protocol (SDP) body with an asymmetric ptime configuration. The overflow can lead to an undersized buffer allocation, potentially resulting in memory corruption or unexpected application termination.
Recommendations
Update to version 2.17.
Fix
Integer Overflow
Affected Products
Pjsip