VYPR
Unrated severityNVD Advisory· Published Mar 6, 2026· Updated Mar 9, 2026

PJSIP: Heap use-after-free in PJSIP presence subscription termination handler

CVE-2026-28799

Description

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.