Lucene search
K
PjsipPjsip

14 matches found

cve
cve
added 2022/04/06 12:0 a.m.149 views

CVE-2022-24793

CVE-2022-24793 affects PJSIP’s DNS resolver. A buffer overflow is triggered in parsing the query record (parse_rr) for versions ≤ 2.12. A fix exists in the pjproject master branch; a workaround is to disable DNS resolution in PJSIP (set nameserver_count to 0) or use an external resolver. The issu...

7.5CVSS7.6AI score0.02108EPSS
cve
cve
added 2022/04/06 12:0 a.m.140 views

CVE-2022-24786

CVE-2022-24786 affects PJSIP (PJPROJECT) versions 2.12 and earlier. The root cause is that PJMEDIA RTC PTS/RPSI feedback parsing does not correctly handle RTCP RPSI packets, enabling an impact to applications that directly call pjmedia_rtcp_fb_parse_rpsi(). The issue is documented with a patch av...

9.8CVSS9.4AI score0.01893EPSS
cve
cve
added 2022/10/06 12:0 a.m.110 views

CVE-2022-39244

CVE-2022-39244 affects the PJSIP/Pjproject stack prior to 2.13. The vulnerability is a buffer overflow in the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser. This could put users connecting to untrusted clients at risk. The issue has been patched in commit c4d3498 and will be included ...

9.8CVSS8.7AI score0.01084EPSS
cve
cve
added 2022/12/23 2:0 p.m.80 views

CVE-2022-23547

CVE-2022-23547 is a vulnerability in the pjproject/PJSIP stack used by Ring and related components. It describes a possible buffer overread when parsing a STUN message. Affected products/areas: embedded pjproject components in Ring (PJSIP/PJNATH/PJSUA-LIB use), with the issue arising during STUN ...

9.8CVSS7.8AI score0.00945EPSS
cve
cve
added 2026/02/20 12:26 a.m.39 views

CVE-2026-26967

PJSIP Vulnerability CVE-2026-26967: In 2.16 and earlier, the H.264 unpacketizer can overflow the heap when processing malformed SRTP packets, due to reading a 2-byte NAL unit size without validating bounds within the payload. Affected: PJSIP-based applications handling H.264 video streams. Impact...

9.3CVSS5.8AI score0.0029EPSS
cve
cve
added 2026/03/06 6:36 a.m.30 views

CVE-2026-28799

CVE-2026-28799 affects the PJSIP multimedia library (up to version 2.16). A heap use-after-free flaw exists in PJSIP’s event subscription framework (evsub.c) and is triggered during presence unsubscription with SubSCRIBE and Expires=0. The issue can impact availability (high impact) with negligib...

8.7CVSS5.8AI score0.00285EPSS
cve
cve
added 2026/02/11 8:56 p.m.28 views

CVE-2026-25994

CVE-2026-25994 affects PJSIP’s PJNATH ICE Session in 2.16 and earlier. The vulnerability is a buffer overflow triggered when processing credentials with excessively long usernames. According to the description, this can impact confidentiality, integrity, and availability (high impact) and is expl...

9.8CVSS5.9AI score0.01927EPSS
Web
cve
cve
added 2026/03/20 8:21 a.m.28 views

CVE-2026-33069

PJSIP versions 2.16 and earlier are affected by a cascading out-of-bounds heap read in pjsip_multipart_parse(), where after boundary matching curptr is advanced past the delimiter without ensuring it is within the buffer, allowing 1–2 bytes of adjacent heap memory to be read. This affects applica...

7.5CVSS6AI score0.0026EPSS
cve
cve
added 2026/04/21 6:4 p.m.23 views

CVE-2026-40614

Summary of CVE-2026-40614 (PJSIP): PJSIP (2.16 and earlier) has a heap buffer overflow in Opus decoding due to insufficient bounds checking in the codec_decode path. The FEC decode buffers (dec_frame[].buf) are allocated using a PCM-derived size, which at 8 kHz mono yields 960 bytes, but codec_pa...

8.8CVSS6.2AI score0.00224EPSS
cve
cve
added 2026/03/06 6:36 a.m.22 views

CVE-2026-29068

PJSIP is affected by a stack buffer overflow in the pjmedia-codec RTP payload parser when a payload contains more frames than the caller-provided frames can hold. This impacts versions prior to 2.17. The vulnerability, with a CVSS 4.0 base score of 8.7 (Network attack vector, no user interaction,...

8.7CVSS6AI score0.00314EPSS
cve
cve
added 2026/03/20 3:54 a.m.17 views

CVE-2026-32945

CVE-2026-32945 affects PJSIP 2.16 and earlier; the DNS parser’s name-length handling in pjlib-util (get_name_len/get_name) allows a heap-based buffer overflow via a crafted DNS response, enabling remote DoS. The issue is fixed in PJSIP 2.17. Mitigations/workarounds: upgrade to 2.17, or avoid DNS ...

9.8CVSS5.8AI score0.00308EPSS
cve
cve
added 2026/02/19 7:28 p.m.16 views

CVE-2026-26203

PJSIP (pjproject) versions prior to 2.17 contain a heap buffer underflow in the H.264 packetizer when processing malformed bitstreams without NAL unit start codes. The packetizer performs unchecked pointer arithmetic, potentially reading memory before the allocated buffer. A patch is available in...

6.5CVSS5.9AI score0.00101EPSS
cve
cve
added 2026/03/20 3:43 a.m.15 views

CVE-2026-32942

PJSIP (C library) contains a heap use-after-free in the ICE session for versions 2.16 and earlier, caused by race conditions between session destruction and callbacks. This may lead to crashes; upgrading to version 2.17 fixes the issue. References confirm affected versions and fix.

9.3CVSS5.7AI score0.00319EPSS
cve
cve
added 2026/04/21 7:55 p.m.11 views

CVE-2026-40892

CVE-2026-40892 (PJSIP) : A stack buffer overflow exists in pjsip_auth_create_digest2() for 2.16 and earlier when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies cred_info->data.slen without an upper-bound check, which can overflow the fixed-size ha1 buffer (...

9.8CVSS6AI score0.00419EPSS