CVE-2026-29068

Published: 06 Mar 2026
Source: redhat
CVSS3: 9.8

Description

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload containing more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.

A flaw was found in PJSIP. A remote attacker could exploit a stack buffer overflow vulnerability in the pjmedia-codec component. This occurs when the component processes a Real-time Transport Protocol (RTP) payload that contains more frames than it is designed to handle. Successful exploitation of this vulnerability could lead to a Denial of Service (DoS), making the affected system unavailable.
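
The defect class described above (CWE-120), shown as a frame parser that checks the network-supplied frame count against the caller's capacity before writing. This is an added example, not PJSIP code and not the 2.17 patch; the payload layout, `frame_t` and `parse_frames` are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical frame descriptor and result codes; not PJSIP types. */
typedef struct { const uint8_t *buf; size_t size; } frame_t;
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_MANY = -2 };

/* Constructed payload layout (not real Opus framing):
 * byte 0: count N, then N x (1-byte length L + L data bytes).
 * In: *frame_cnt = capacity of frames[]. Out: entries written. */
int parse_frames(const uint8_t *pkt, size_t pkt_len,
                 frame_t frames[], unsigned *frame_cnt)
{
    unsigned cap = *frame_cnt, n, i;
    size_t off = 1;

    *frame_cnt = 0;
    if (pkt_len < 1)
        return PARSE_TRUNCATED;
    n = pkt[0];
    /* The count is attacker-controlled: reject before any write to frames[]. */
    if (n > cap)
        return PARSE_TOO_MANY;
    for (i = 0; i < n; i++) {
        size_t len;
        if (off >= pkt_len)              /* no room for the length byte */
            return PARSE_TRUNCATED;
        len = pkt[off++];
        if (len > pkt_len - off)         /* frame would run past the payload */
            return PARSE_TRUNCATED;
        frames[i].buf = pkt + off;
        frames[i].size = len;
        off += len;
    }
    *frame_cnt = n;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed payload: claims 3 frames, caller has room for 2. */
    static const uint8_t pkt[] = {3, 1, 0x11, 1, 0x22, 1, 0x33};
    frame_t frames[2];
    unsigned cnt = 2;
    return parse_frames(pkt, sizeof pkt, frames, &cnt) == PARSE_TOO_MANY ? 0 : 1;
}
```

Without the `n > cap` check, the loop would write `frames[2]` and beyond on the caller's stack, which is the overflow pattern the description names.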

Report

IMPORTANT: A stack buffer overflow flaw exists in the PJSIP library's Opus codec parser. This vulnerability occurs when processing specially crafted RTP payloads containing more frames than the allocated buffer can hold, potentially leading to denial of service or arbitrary code execution in applications utilizing PJSIP for Opus codec handling.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Additional information

Status: Important
Defect: CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=2445115 PJSIP: PJSIP: Denial of Service via malformed RTP payload processing

CVSS3: 9.8 Critical

Related vulnerabilities

CVSS3: 7.5
ubuntu
21 days ago

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload containing more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.

CVSS3: 7.5
nvd
21 days ago

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload containing more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.

CVSS3: 7.5
debian
21 days ago

PJSIP is a free and open source multimedia communication library writt ...
