PJPROJECT 2.16 - Heap Bufferoverflow

Exploit Title: PJPROJECT 2.16 - Heap Bufferoverflow Google Dork: CVE-2026-25994 PJSIP PJNATH pjsip ≤ 2.16 Date: Apr 6 2026 Exploit Author: V.Nos - BinSmaser Team Vendor Homepage: https://github.com/pjsip/pjproject Software Link: https://github.com/VABISMO/cve-2026-25994PJSIP Version: rxufrag; -...

📄 PJPROJECT 2.16 Buffer Overflow

PJPROJECT versions 2.16 and below suffer from a heap buffer overflow vulnerability. Exploit Title: PJPROJECT 2.16 - Heap Bufferoverflow Google Dork: CVE-2026-25994 PJSIP PJNATH pjsip ≤ 2.16 Date: Apr 6 2026 Exploit Author: V.Nos - BinSmaser Team Vendor Homepage: https://github.com/pjsip/pjproject...

CVE-2026-40614

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers decframe.buf were allocated based on a...

Ubuntu: Security Advisory (USN-8122-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2017-8049

Malware in sbrugna...

EUVD-2017-8046

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-16875

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Teluu pjproject pjlib and pjlib-util in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an...

Use-After-Free

pjproject is vulnerable to Use-After-Free. The vulnerability is due to the mishandling of SRTP and media transports other than UDP, leading to potential memory corruption...

CVE-2022-23547 Heap buffer overflow in pjproject when decoding STUN message

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability...

CVE-2022-23547 Heap buffer overflow in pjproject when decoding STUN message

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability...

Stack Buffer Overflow

pjproject, edge is vulnerable to stack buffer overflow. The vulnerability exists because pjsip users that use STUN in their applications, either by: setting a STUN server in their account/media config in pjsua/pjsua2 level, or directly using pjlib-util/stunsimple api...

Debian DLA-3036-1 : pjproject - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3036 advisory. - PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability tha...

Debian: Security Advisory (DLA-3036-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3036-1] pjproject security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3036-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA May 31, 2022 https://wiki.debian.org/LTS -...

DLA-3036-1 pjproject - security update

Bulletin has no description...

ROS-20220518-03

A vulnerability in the pjproject multimedia communication library is related to an infinite loop when parsing a of a WAV file. Exploitation of the vulnerability could allow an attacker acting remotely to consume all available system resources and cause denial of service conditions A vulnerability...

Denial Of Service (DoS)

pjproject is vulnerable to denial of service. The vulnerability exists due to the infinite loop in the xml parser, allowing an attacker to cause an application crash...

Out-of-Bounds Read And Write

pjproject is vulnerable to out-of-bounds read and write. An attacker is able to cause out-of-bounds read/write via pjmediartcpfbparserpsi function, when parsing incoming RTCP feedback RPSI Reference Picture Selection Indication packet...

Denial Of Service (DoS)

pjproject is vulnerable to denial of service. The vulnerability exists due to the library does not properly check the WAV file data length when it greater than 31-bit, allowing an attacker to crash the application by providing malicious WAV files...

UBUNTU-CVE-2022-24786

PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI Reference Picture Selection Indication packet, but any app that directly uses pjmediartcpfbparserpsi will be affected. A patch is available in the...