#VU126321 Integer overflow in pjsip

 


Published: April 16, 2026


Vulnerability identifier: #VU126321
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
pjsip
Software vendor:
pjsip

Description

The vulnerability allows a remote attacker to cause a denial of service or execute arbitrary code.

The vulnerability exists due to an integer overflow in the media stream buffer size calculation in pjmedia when processing SDP offers or answers with audio codec configurations that use asymmetric ptime. A remote attacker can send a specially crafted SDP offer or answer to cause a denial of service or execute arbitrary code.

Successful exploitation may result in an undersized buffer allocation and memory corruption.
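
The bug class described above, as an added illustration that is not pjsip code: a buffer size derived from negotiated audio parameters with unchecked 32-bit arithmetic, next to a range-checked 64-bit version. The struct, function names, limits and sample values are all assumptions constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical negotiated audio parameters; field names are not pjsip's. */
struct audio_params {
    uint32_t clock_rate, channels, bytes_per_sample;
    uint32_t enc_ptime_ms, dec_ptime_ms;   /* asymmetric ptime: the two may differ */
};

#define MAX_PTIME_MS  1000u        /* assumed policy bound on ptime */
#define MAX_BUF_BYTES (1u << 20)   /* assumed policy bound on buffer size */

static uint32_t larger_ptime(const struct audio_params *p) {
    return p->enc_ptime_ms > p->dec_ptime_ms ? p->enc_ptime_ms : p->dec_ptime_ms;
}

/* Unchecked: 32-bit products wrap modulo 2^32, so the result can be too small. */
static uint32_t buf_bytes_unchecked(const struct audio_params *p) {
    uint32_t samples = p->clock_rate * larger_ptime(p) / 1000u;
    return samples * p->channels * p->bytes_per_sample;
}

/* Checked: validate ranges, widen to 64 bits, cap the result. Returns 0 to reject. */
static size_t buf_bytes_checked(const struct audio_params *p) {
    uint32_t ptime = larger_ptime(p);
    if (!p->clock_rate || !p->channels || !p->bytes_per_sample) return 0;
    if (ptime == 0 || ptime > MAX_PTIME_MS) return 0;
    uint64_t samples = (uint64_t)p->clock_rate * ptime / 1000u;  /* fits in 64 bits */
    uint64_t per_sample = (uint64_t)p->channels * p->bytes_per_sample;
    if (samples == 0 || samples > UINT64_MAX / per_sample) return 0;
    uint64_t total = samples * per_sample;
    return total > MAX_BUF_BYTES ? 0 : (size_t)total;
}

/* Constructed sample inputs: {clock_rate, channels, bytes, enc_ptime, dec_ptime}. */
static const struct audio_params SAMPLE_OK   = { 48000, 2, 2, 20, 60 };
static const struct audio_params SAMPLE_BAD  = { 48000, 2, 2, 20, 100000 };
static const struct audio_params SAMPLE_WIDE = { 4000000000u, 4000000000u, 4000000000u, 1000, 1000 };

int main(void) {
    printf("ok:   unchecked=%u checked=%zu\n",
           (unsigned)buf_bytes_unchecked(&SAMPLE_OK), buf_bytes_checked(&SAMPLE_OK));
    printf("bad:  unchecked=%u checked=%zu\n",
           (unsigned)buf_bytes_unchecked(&SAMPLE_BAD), buf_bytes_checked(&SAMPLE_BAD));
    printf("wide: checked=%zu\n", buf_bytes_checked(&SAMPLE_WIDE));
    return 0;
}
```

For the constructed out-of-range sample, the unchecked function returns a size well below the true requirement of 19,200,000 bytes, while the checked function rejects the parameters before any allocation would happen.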


Remediation

Install the security update from the vendor's website.
