CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

693 matches found

Debian CVE•added 2026/04/24 6:38 p.m.•5 views

CVE-2026-41415

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This...

9.1CVSS5.5AI score0.00308EPSS

Exploits0

Positive Technologies•added 2026/04/24 12:0 a.m.•4 views

PT-2026-35058

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.17 Description An out-of-bounds read occurs when parsing a malformed Content-ID URI in a SIP multipart message body. This is caused by insufficient length validation, which allows reads to extend beyond the intended...

8.8CVSS5.4AI score0.00308EPSS

Exploits0References5

RedhatCVE•added 2026/04/22 11:25 a.m.•4 views

CVE-2026-40892

A flaw was found in PJSIP, a multimedia communication library. This vulnerability, a stack buffer overflow, occurs in the pjsipauthcreatedigest2 function when processing pre-computed digest credentials. A remote attacker could exploit this by providing specially crafted credential data, leading t...

9.8CVSS6.6AI score0.00419EPSS

Exploits0References2

Tenable Nessus•added 2026/04/22 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-40892

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsipauthcreatedigest2 in...

9.8CVSS5.7AI score0.00419EPSS

Exploits0References2

Tenable Nessus•added 2026/04/22 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-40614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames d...

8.8CVSS5.9AI score0.00224EPSS

Exploits0References2

NVD•added 2026/04/21 9:16 p.m.•3 views

CVE-2026-40892

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsipauthcreatedigest2 in PJSIP when using pre-computed digest credentials PJSIPCREDDATADIGEST. The function copies credential data using credinfo-data.slen as the...

9.8CVSS0.00419EPSS

Exploits0References2

OSV•added 2026/04/21 9:16 p.m.•3 views

UBUNTU-CVE-2026-40892

9.8CVSS6AI score0.00419EPSS

Exploits0References4

Vulnrichment•added 2026/04/21 7:55 p.m.•2 views

CVE-2026-40892 PJSIP: Stack buffer overflow in pjsip_auth_create_digest2()

9.3CVSS6AI score0.00419EPSS

Exploits0References2

CVE•added 2026/04/21 7:55 p.m.•10 views

CVE-2026-40892

CVE-2026-40892 (PJSIP) : A stack buffer overflow exists in pjsip_auth_create_digest2() for 2.16 and earlier when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies cred_info->data.slen without an upper-bound check, which can overflow the fixed-size ha1 buffer (...

9.8CVSS6AI score0.00419EPSS

Exploits0References2Affected Software1

Debian CVE•added 2026/04/21 7:55 p.m.•4 views

CVE-2026-40892

9.8CVSS5.6AI score0.00419EPSS

Exploits0

RedhatCVE•added 2026/04/21 7:28 p.m.•3 views

CVE-2026-40614

A flaw was found in PJSIP, a multimedia communication library. A remote attacker could exploit a buffer overflow vulnerability when decoding Opus audio frames due to insufficient buffer size validation. This flaw allows for a heap buffer overflow, which may lead to arbitrary code execution or...

8.8CVSS6.6AI score0.00224EPSS

Exploits0References2

OSV•added 2026/04/21 7:16 p.m.•3 views

ALPINE-CVE-2026-40614

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers decframe.buf were allocated based on a...

8.8CVSS5.9AI score0.00224EPSS

Exploits0References1

OSV•added 2026/04/21 7:16 p.m.•2 views

DEBIAN-CVE-2026-40614

8.8CVSS5.8AI score0.00224EPSS

Exploits0References1

CVE•added 2026/04/21 6:4 p.m.•17 views

CVE-2026-40614

Summary of CVE-2026-40614 (PJSIP): PJSIP (2.16 and earlier) has a heap buffer overflow in Opus decoding due to insufficient bounds checking in the codec_decode path. The FEC decode buffers (dec_frame[].buf) are allocated using a PCM-derived size, which at 8 kHz mono yields 960 bytes, but codec_pa...

8.8CVSS6.2AI score0.00224EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/21 6:4 p.m.•3 views

CVE-2026-40614 PJSIP: Heap buffer overflow in Opus codec decoding

8.5CVSS6.2AI score0.00224EPSS

Exploits0References2

EUVD•added 2026/04/21 6:4 p.m.•2 views

EUVD-2026-24229

8.5CVSS6.2AI score0.00224EPSS

Exploits0References2

Debian CVE•added 2026/04/21 6:4 p.m.•3 views

CVE-2026-40614

8.8CVSS5.8AI score0.00224EPSS

Exploits0

CNNVD•added 2026/04/21 12:0 a.m.•6 views

PJSIP 安全漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. PJSIP versions 2.16 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the...

9.8CVSS5.9AI score0.00419EPSS

Exploits0References1

Positive Technologies•added 2026/04/21 12:0 a.m.•4 views

PT-2026-34170

Name of the Vulnerable Software and Affected Versions PJSIP versions 2.16 and earlier Description A stack buffer overflow occurs in the pjsip auth create digest2 function when using pre-computed digest credentials PJSIP CRED DATA DIGEST. The function copies credential data using the cred...

9.8CVSS6AI score0.00419EPSS

Exploits0References10