CVE-2026-34235

| EUVD-2026-17494 MEDIUM
2026-03-31 GitHub_M
6.9
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Mar 31, 2026 - 16:00 euvd
EUVD-2026-17494
Analysis Generated
Mar 31, 2026 - 16:00 vuln.today
CVE Published
Mar 31, 2026 - 15:36 nvd
MEDIUM 6.9

Tags

Information Disclosure Buffer Overflow

Description

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure (SS) data. Insufficient bounds checking on the payload descriptor length may cause reads beyond the allocated RTP payload buffer. This issue has been patched in version 2.17. A workaround for this issue involves disabling VP9 codec if not needed.

Analysis

Heap out-of-bounds read in PJSIP's VP9 RTP unpacketizer allows remote attackers to read memory beyond allocated buffer boundaries by sending crafted VP9 Scalability Structure data, potentially disclosing sensitive information. PJSIP versions prior to 2.17 are affected. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

35
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +34
POC: 0

Share

CVE-2026-34235 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy