CVSS 7.5 · HIGH

CVE-2026-41416

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can lead to unexpected application termination or memory corruption. This vulnerability is fixed in 2.17.


Analysis

PJSIP 2.16 and earlier contains an integer overflow vulnerability in its media stream buffer calculation during SDP processing. Applications and servers using this library for VoIP or WebRTC, such as Asterisk or custom softphones, are vulnerable to memory corruption or crashes when receiving malicious session descriptions.

Severity

Score: 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: NONE
I: NONE
A: HIGH
Weakness type (CWE): CWE-190

EPSS

Exploitation probability (next 30 days): 0.0006 (0.1%)
Percentile: 17.0%
EPSS: 2026-05-06

Affects

teluu:pjsip

Technical description

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can lead to unexpected application termination or memory corruption. This vulnerability is fixed in 2.17.

Published: 24/4/2026, 19:17:13
Last modified: 28/4/2026, 18:30:20
