CVE-2026-40614 PJSIP: Heap buffer overflow in Opus codec decoding

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers decframe.buf were allocated based on a...

PT-2026-34044

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.17 Description A heap buffer overflow occurs when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers dec frame.buf are allocated using a...