Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
PJSIP library parses RTP data incorrectly, potentially causing a crash
CVE-2026-29068
Summary
A bug in PJSIP's RTP parsing code can cause the library to crash or behave unexpectedly if it receives certain types of data. This issue affects versions of PJSIP prior to 2.17, but it has been fixed in the latest version. Update to version 2.17 or later to resolve the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| pjsip | pjsip | <= 2.17 | – |
Original title
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain...
Original description
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.
nvd CVSS4.0
8.7
Vulnerability type
CWE-121
Stack-based Buffer Overflow
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026