Pjsip
CVE-2026-29068
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.
AnalysisAI
PJSIP versions prior to 2.17 are vulnerable to a stack buffer overflow in the RTP payload parsing mechanism when processing more frames than allocated buffers can accommodate, enabling remote denial of service attacks over the network without authentication. An attacker can trigger a crash by sending specially crafted RTP packets containing excessive frame data, causing the application to become unavailable.
Technical ContextAI
Classified as CWE-121 (Stack-based Buffer Overflow). Affects Pjsip. PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.
RemediationAI
A vendor patch is available — apply it immediately. Fixed in version 2.17.. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
PJSIP is a free and open source multimedia communication library. Rated critical severity (CVSS 9.1), this vulnerability
PJSIP is a free and open source multimedia communication library written in C language implementing standard based proto
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Rated critical severity (CVSS 9
Buffer overflow in PJSIP multimedia library version 2.16 and earlier in PJNATH ICE implementation. Patch available. Affe
Heap overflow in PJSIP 2.16 and earlier DNS parser allows unauthenticated remote attackers to achieve code execution wit
PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, a
PJSIP is a free and open source multimedia communication library written in C language implementing standard based proto
PJSIP is a free and open source multimedia communication library written in C language implementing standard based proto
PJSIP is a free and open source multimedia communication library written in C. Rated critical severity (CVSS 9.8), this
PJSIP is a free and open source multimedia communication library written in C language implementing standard based proto
PJSIP is a free and open source multimedia communication library written in C. Rated critical severity (CVSS 9.8), this
PJSIP is a free and open source multimedia communication library written in C language. Rated critical severity (CVSS 9.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today