CVE-2026-40614

Summary of CVE-2026-40614 (PJSIP): PJSIP (2.16 and earlier) has a heap buffer overflow in Opus decoding due to insufficient bounds checking in the codec_decode path. The FEC decode buffers (dec_frame[].buf) are allocated using a PCM-derived size, which at 8 kHz mono yields 960 bytes, but codec_pa...

CVE-2026-40614

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers decframe.buf were allocated based on a...

CVE-2025-71264

An out of bound array access flaw has been discovered in the mumble voip client. In certain situations decoding of opus encoded audio can attempt to access an array with an invalid index. This may result in a program crash. Mitigation Mitigation for this issue is either not available or the...

Important: gstreamer1-plugins-base

Issue Overview: GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbishandleidentificationpacket function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd-vi.channels exceeds 64, t...