VYPR
Critical severity 9.1 · NVD Advisory · Published Apr 24, 2026 · Updated Apr 28, 2026

CVE-2026-41415

Description

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in a SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This vulnerability is fixed in 2.17.

Affected products

  • cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*
    Range: <2.17

Patches

4225a93c1666

Fixed SIP Multipart CID URI length check (#4844)

https://github.com/pjsip/pjproject · sauwming · Mar 10, 2026 · via nvd-ref
1 file changed · +3 -1
  • pjsip/src/pjsip/sip_multipart.c · +3 -1 · modified
    @@ -549,12 +549,14 @@ static pj_str_t cid_uri_to_hdr_value(pj_pool_t *pool, pj_str_t *cid_uri)
         pj_size_t cid_len = pj_strlen(cid_uri);
         pj_size_t alloc_len = cid_len + 2 /* for the leading and trailing angle brackets */;
         pj_str_t uri_overlay;
    -    pj_str_t cid_hdr;
    +    pj_str_t cid_hdr = {0};
         pj_str_t hdr_overlay;
     
         pj_strassign(&uri_overlay, cid_uri);
         /* If the URI is already enclosed in angle brackets, remove them. */
         if (uri_overlay.ptr[0] == '<') {
    +        if (uri_overlay.slen < 2)
    +            return cid_hdr;
             uri_overlay.ptr++;
             uri_overlay.slen -= 2;
         }
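
Review bot: the read of `uri_overlay.ptr[0]` in `if (uri_overlay.ptr[0] == '<')` is still reached before any length check, so nothing in this hunk stops a zero-length `cid_uri` from being dereferenced; the new `slen < 2` test only runs after that byte has already been read and matched. Consider testing `uri_overlay.slen` ahead of the `ptr[0]` access, or documenting that callers never pass an empty string. The strip also subtracts 2 from `slen` without confirming that the last character is `>`, so a value such as `<x` passes the new check and has its last byte dropped as if it were the closing bracket; a check on the final character would make the intent explicit. Returning the zero-initialised `cid_hdr` works as a failure signal, but it deserves a comment so callers know an empty result is possible and must be handled.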
    
