Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsip_multipart_parse(). After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This allows 1-2 bytes of adjacent heap memory to be read. All applications that process incoming SIP messages with multipart bodies or SDP content are potentially affected. This issue is resolved in version 2.17.
AnalysisAI
PJSIP versions 2.16 and below contain a cascading out-of-bounds heap read vulnerability in the pjsip_multipart_parse() function that allows attackers to read 1-2 bytes of adjacent heap memory when processing SIP messages with multipart bodies or SDP content. The vulnerability affects all applications using PJSIP to process incoming SIP messages, as the flaw does not require authentication or user interaction and can be triggered remotely over the network. While the CVSS score of 6.9 reflects moderate severity with low confidentiality impact, the low attack complexity and remote exploitability make this a practical concern for SIP-based communication systems.
Technical ContextAI
PJSIP is a free and open-source multimedia communication library written in C that implements SIP (Session Initiation Protocol) and related protocols for VoIP and real-time communication. The vulnerability exists in the boundary parsing logic of pjsip_multipart_parse(), which processes multipart MIME content and SDP (Session Description Protocol) data within SIP messages. The root cause is classified as CWE-125 (Out-of-bounds Read), specifically a cascading vulnerability where after matching a boundary string delimiter, the parser advances a cursor pointer (curptr) past the delimiter without first verifying that the cursor has not exceeded the buffer boundary. This allows the subsequent read operations to access 1-2 bytes of heap memory that lie outside the intended input buffer, potentially exposing sensitive data or adjacent heap structures. The affected CPE string cpe:2.3:a:pjsip:pjproject:*:*:*:*:*:*:*:* confirms that all versions of the pjproject package up to and including 2.16 are vulnerable.
RemediationAI
Upgrade PJSIP (pjproject) to version 2.17 or later immediately, as this version includes the fix committed at https://github.com/pjsip/pjproject/commit/f0fa32a226df5f87a9903093e5d145ebb69734db. For systems that cannot upgrade immediately, restrict network access to the SIP service by implementing IP-based access controls that limit incoming SIP traffic to trusted peers and administrative networks, and disable multipart message processing if operationally feasible. Monitor SIP traffic logs for malformed multipart or SDP payloads that might indicate exploitation attempts. After patching, validate the upgrade by reviewing your application build configuration to ensure the new PJSIP version is correctly linked and deployed.
Heap buffer overflow in PJSIP 2.16 and earlier allows local attackers with user interaction to execute arbitrary code or
Certificate validation bypass in PJSIP versions before 2.17 allows remote attackers to perform man-in-the-middle attacks
Integer overflow in PJSIP 2.16 and earlier enables remote unauthenticated attackers to trigger memory corruption or appl
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overf
Heap out-of-bounds read in PJSIP's VP9 RTP unpacketizer allows remote attackers to read memory beyond allocated buffer b
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allVendor StatusVendor
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| (unstable) | fixed | (unfixed) | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-13632