Description
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.
Published: 2026-03-06
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

Prior to version 2.17 of the PJSIP multimedia communication library, the Opus codec parser in pjmedia-codec contains a stack buffer overflow when it processes an RTP payload that includes more frames than the caller reserved space for. This flaw can corrupt the stack, potentially leading to a denial‑of‑service condition. The vulnerability is identified as CWE‑120 and CWE‑121.

Affected Systems

Affects the open‑source PJSIP pjproject library, all releases earlier than 2.17. Systems that integrate PJSIP for VoIP, SIP, or multimedia handling are at risk if they process RTP streams containing crafted Opus frames.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.7, indicating high impact. The EPSS score is <1%, so exploitation is unlikely but possible. It is not listed in the CISA KEV catalog. The likely attack vector is remote via the network: an attacker who can send a spoofed RTP stream to the vulnerable system can trigger the overflow. Successful exploitation would only require a crafted payload and does not need local interaction with the target system.

Generated by OpenCVE AI on April 18, 2026 at 09:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the PJSIP library to version 2.17 or later, which includes the security fix for the buffer overflow.
  • If an immediate upgrade is not feasible, isolate and restrict incoming RTP traffic to trusted sources, using firewall rules or a SIP proxy to filter malformed frames before they reach the library.
  • Ensure rigorous input validation for RTP payloads; confirm that the number of Opus frames matches the pre‑allocated buffer size and reject any packet where the declared frame count exceeds the buffer capacity.

Generated by OpenCVE AI on April 18, 2026 at 09:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Pjsip pjsip
CPEs cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:*
Vendors & Products Pjsip pjsip
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Mon, 09 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Pjsip
Pjsip pjproject
Vendors & Products Pjsip
Pjsip pjproject

Fri, 06 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
References
Metrics threat_severity

None

 cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Fri, 06 Mar 2026 07:00:00 +0000

Type Values Removed Values Added
Description PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.
Title PJSIP: Stack buffer overflow in Opus codec parser
Weaknesses CWE-121
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Pjsip Pjproject Pjsip
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-09T19:51:25.167Z

Reserved: 2026-03-03T20:51:43.482Z

Link: CVE-2026-29068

cve-icon Vulnrichment

Updated: 2026-03-09T19:51:18.959Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-06T07:16:02.607

Modified: 2026-03-10T19:11:53.763

Link: CVE-2026-29068

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-06T06:36:45Z

Links: CVE-2026-29068 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T10:00:10Z

Weaknesses