CVE-2026-29068
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Tags
Description
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.
Analysis
PJSIP versions prior to 2.17 are vulnerable to a stack buffer overflow in the RTP payload parsing mechanism when processing more frames than allocated buffers can accommodate, enabling remote denial of service attacks over the network without authentication. An attacker can trigger a crash by sending specially crafted RTP packets containing excessive frame data, causing the application to become unavailable.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running PJSIP and document versions in use; assess exposure by determining if affected systems accept untrusted RTP streams. Within 7 days: Upgrade PJSIP to version 2.17 or later on all affected systems; test in non-production environments first. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today