VYPR
Vendor: Pjsip

Products: 2
CVEs: 48
Across products: 87
Status: Private


Recent CVEs

  • CVE-2015-2003 | Critical | Mar 29, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

  • CVE-2017-16872 | Critical | Nov 17, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were…

  • CVE-2022-39269 | Critical | Oct 6, 2022
    risk 0.59 | cvss 9.1 | epss 0.01

    PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts…

  • CVE-2026-40892 | Critical | Apr 21, 2026
    risk 0.57 | cvss 9.8 | epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data…

  • CVE-2025-65102 | High | Nov 21, 2025
    risk 0.57 | cvss n/a | epss 0.00

    PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is based on stream ptime, may be less than that. This issue affects PJSIP users who…

  • CVE-2026-41415 | Critical | Apr 24, 2026
    risk 0.52 | cvss 9.1 | epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer…

  • CVE-2026-34235 | Critical | Mar 31, 2026
    risk 0.52 | cvss 9.1 | epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure (SS) data. Insufficient bounds checking…

  • CVE-2026-40614 | High | Apr 21, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers (dec_frame[].buf) were…

  • CVE-2022-24763 | High | Mar 30, 2022
    risk 0.49 | cvss 7.5 | epss 0.02

    PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known…

  • CVE-2018-1000099 | High | Mar 13, 2018
    risk 0.49 | cvss 7.5 | epss 0.04

    Teluu PJSIP version 2.7.1 and earlier contains an Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in a crash. This attack appears to be exploitable via sending a specially crafted message. This vulnerability appears to have been fixed in…

  • CVE-2018-1000098 | High | Mar 13, 2018
    risk 0.49 | cvss 7.5 | epss 0.03

    Teluu PJSIP version 2.7.1 and earlier contains an Integer Overflow vulnerability in pjmedia SDP parsing that can result in a crash. This attack appears to be exploitable via sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.

  • CVE-2017-16875 | High | Nov 17, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger…

  • CVE-2026-41416 | High | Apr 24, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer…

  • CVE-2026-42225 | Medium | May 7, 2026
    risk 0.31 | cvss 5.9 | epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid or untrusted certificates even when the application explicitly enables…

  • CVE-2026-25994 | Feb 11, 2026
    risk 0.03 | cvss n/a | epss 0.02

    PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames.

  • CVE-2026-33069 | Mar 20, 2026
    risk 0.00 | cvss n/a | epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsip_multipart_parse(). After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached…

  • CVE-2026-32945 | Mar 20, 2026
    risk 0.00 | cvss n/a | epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflow vulnerability in the DNS parser's name length handler. This impacts applications using PJSIP's built-in DNS resolver, such as those configured…

  • CVE-2026-32942 | Mar 20, 2026
    risk 0.00 | cvss n/a | epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been…

  • CVE-2026-28799 | Mar 6, 2026
    risk 0.00 | cvss n/a | epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This…

  • CVE-2026-29068 | Mar 6, 2026
    risk 0.00 | cvss n/a | epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload containing more frames than the caller-provided frames can hold. This issue has been patched…