Unrated severityNVD Advisory· Published Feb 11, 2026· Updated Feb 12, 2026

PJSIP has a heap buffer overflow in ICE with long username

CVE-2026-25994

Description

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames.

Affected products

Pjsip/Pjsipllm-fuzzy
Range: <=2.16
pjsip/pjprojectv5
Range: <= 2.16

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/pjsip/pjproject/commit/063b3a155f163cc5a9a1df2c56b6720fd3a0dbb0mitrex_refsource_MISC
github.com/pjsip/pjproject/security/advisories/GHSA-j29p-pvh2-pvqpmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000