Integer overflow in pjsip - #VU126321

 

Published: April 16, 2026


Vulnerability identifier: #VU126321
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: pjsip
Affected software: pjsip

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service or execute arbitrary code.

The vulnerability exists due to an integer overflow in the media stream buffer size calculation in pjmedia when processing SDP offers or answers with audio codec configurations that use asymmetric ptime. A remote attacker can send a specially crafted SDP offer or answer to cause a denial of service or execute arbitrary code.

Successful exploitation may result in an undersized buffer allocation and memory corruption.
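
The bug class described above, shown as an added illustration that is not pjsip's code: a 32-bit buffer size calculation driven by ptime that wraps, beside a version that validates its inputs first. The struct, function names, size formula and limits are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stream parameters; names are assumptions, not pjmedia's. */
struct stream_params {
    uint32_t clock_rate;   /* Hz */
    uint32_t channels;
    uint32_t enc_ptime_ms; /* ptime of the direction we send */
    uint32_t dec_ptime_ms; /* ptime of the direction we receive */
};

/* Assumed policy limits for this example; set them from the codecs in use. */
#define MAX_CLOCK_RATE 192000u
#define MAX_CHANNELS   8u
#define MAX_PTIME_MS   200u

/* This example sizes one buffer for the longer of the two directions' frames. */
static uint32_t larger_ptime(const struct stream_params *p) {
    return p->enc_ptime_ms > p->dec_ptime_ms ? p->enc_ptime_ms : p->dec_ptime_ms;
}

/* CWE-190 pattern: the products are computed in 32 bits and wrap silently. */
uint32_t frame_bytes_unchecked(const struct stream_params *p) {
    return p->clock_rate * larger_ptime(p) / 1000u * p->channels
           * (uint32_t)sizeof(int16_t);
}

/* Hardened: range-check every input, then compute in 64 bits. The limits
 * above keep the result far below SIZE_MAX. */
bool frame_bytes_checked(const struct stream_params *p, size_t *out) {
    uint32_t ptime = larger_ptime(p);
    if (p->clock_rate == 0 || p->clock_rate > MAX_CLOCK_RATE) return false;
    if (p->channels == 0 || p->channels > MAX_CHANNELS) return false;
    if (ptime == 0 || ptime > MAX_PTIME_MS) return false;
    uint64_t bytes = (uint64_t)p->clock_rate * ptime / 1000u
                     * p->channels * sizeof(int16_t);
    if (bytes == 0) return false; /* frame shorter than one sample */
    *out = (size_t)bytes;
    return true;
}

int main(void) {
    struct stream_params bad = { 48000, 2, 20, 100000 }; /* constructed input */
    size_t n = 0;
    printf("unchecked=%u bytes, checked accepts=%d\n",
           (unsigned)frame_bytes_unchecked(&bad), frame_bytes_checked(&bad, &n));
    return 0;
}
```

For the constructed input the unchecked function returns 2,020,128 bytes where the unwrapped arithmetic gives 19,200,000, so a buffer allocated from that value would be undersized.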


Remediation

Install the security update from the vendor's website.
