CVE-2026-26203
5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L
Summary
PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bitstreams without NAL unit start codes, where the packetizer performs unchecked pointer arithmetic that can read from memory located before the allocated buffer. Version 2.17 contains a patch for the issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| pjsip | pjmedia-video | < 2.17 | affected |
Weaknesses
- CWE-416: CWE-416: Use After Free
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/pjsip/pjproject/security/advisories/GHSA-p965-mf7j-gwv8
- https://github.com/pjsip/pjproject/commit/5aee54f09d4f91538d55279d7316591b28fded6c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.