Pjsip
by Pjsip
Source repositories
CVEs (48)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-26967 | 0.00 | — | 0.00 | Feb 20, 2026 | PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer… | |||
| CVE-2026-26203 | 0.00 | — | 0.00 | Feb 19, 2026 | PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bitstreams without NAL unit start codes, where the packetizer… | |||
| CVE-2023-38703 | 0.00 | — | 0.01 | Oct 6, 2023 | PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level… | |||
| CVE-2023-27585 | 0.00 | — | 0.02 | Mar 14, 2023 | PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is… | |||
| CVE-2022-23547 | 0.00 | — | 0.01 | Dec 23, 2022 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message.… | |||
| CVE-2022-23537 | 0.00 | — | 0.01 | Dec 20, 2022 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The… | |||
| CVE-2022-39244 | 0.00 | — | 0.01 | Oct 6, 2022 | PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This… | |||
| CVE-2022-31031 | 0.00 | — | 0.02 | Jun 7, 2022 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use… | |||
| CVE-2022-24792 | 0.00 | — | 0.02 | Apr 25, 2022 | PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data… | |||
| CVE-2022-24793 | 0.00 | — | 0.02 | Apr 6, 2022 | PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is… | |||
| CVE-2022-24786 | 0.00 | — | 0.02 | Apr 6, 2022 | PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A… | |||
| CVE-2022-24764 | 0.00 | — | 0.02 | Mar 22, 2022 | PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not… | |||
| CVE-2022-24754 | 0.00 | — | 0.02 | Mar 11, 2022 | PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type… | |||
| CVE-2022-23608 | 0.00 | — | 0.04 | Feb 22, 2022 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by… | |||
| CVE-2021-43302 | 0.00 | — | 0.02 | Feb 16, 2022 | Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters. | |||
| CVE-2021-43299 | 0.00 | — | 0.02 | Feb 16, 2022 | Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | |||
| CVE-2021-43300 | 0.00 | — | 0.02 | Feb 16, 2022 | Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | |||
| CVE-2021-43303 | 0.00 | — | 0.02 | Feb 16, 2022 | Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied | |||
| CVE-2021-43301 | 0.00 | — | 0.02 | Feb 16, 2022 | Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | |||
| CVE-2022-21722 | 0.00 | — | 0.02 | Jan 27, 2022 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP… |
- CVE-2026-26967Feb 20, 2026risk 0.00cvss —epss 0.00
PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer…
- CVE-2026-26203Feb 19, 2026risk 0.00cvss —epss 0.00
PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bitstreams without NAL unit start codes, where the packetizer…
- CVE-2023-38703Oct 6, 2023risk 0.00cvss —epss 0.01
PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level…
- CVE-2023-27585Mar 14, 2023risk 0.00cvss —epss 0.02
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is…
- CVE-2022-23547Dec 23, 2022risk 0.00cvss —epss 0.01
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message.…
- CVE-2022-23537Dec 20, 2022risk 0.00cvss —epss 0.01
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The…
- CVE-2022-39244Oct 6, 2022risk 0.00cvss —epss 0.01
PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This…
- CVE-2022-31031Jun 7, 2022risk 0.00cvss —epss 0.02
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use…
- CVE-2022-24792Apr 25, 2022risk 0.00cvss —epss 0.02
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data…
- CVE-2022-24793Apr 6, 2022risk 0.00cvss —epss 0.02
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is…
- CVE-2022-24786Apr 6, 2022risk 0.00cvss —epss 0.02
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A…
- CVE-2022-24764Mar 22, 2022risk 0.00cvss —epss 0.02
PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not…
- CVE-2022-24754Mar 11, 2022risk 0.00cvss —epss 0.02
PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type…
- CVE-2022-23608Feb 22, 2022risk 0.00cvss —epss 0.04
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by…
- CVE-2021-43302Feb 16, 2022risk 0.00cvss —epss 0.02
Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters.
- CVE-2021-43299Feb 16, 2022risk 0.00cvss —epss 0.02
Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
- CVE-2021-43300Feb 16, 2022risk 0.00cvss —epss 0.02
Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
- CVE-2021-43303Feb 16, 2022risk 0.00cvss —epss 0.02
Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied
- CVE-2021-43301Feb 16, 2022risk 0.00cvss —epss 0.02
Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
- CVE-2022-21722Jan 27, 2022risk 0.00cvss —epss 0.02
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP…
Page 2 of 3