CVE-2026-29068

PJSIP <2.17 - Buffer Overflow

Title source: llm

Description

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.

References (2)

[Patch] https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967

View Patch ZIP pw:eip

[Vendor Advisory] https://github.com/pjsip/pjproject/security/advisories/GHSA-pqww-jrxr-457f

Scores

EPSS 0.0004

EPSS Percentile 12.6%

Classification

CWE

CWE-121

Status draft

Timeline

Published Mar 06, 2026

Tracked Since Mar 06, 2026