Primary

Context

PJSIP H.264 Packetizer Heap Buffer Underflow Vulnerability

Vulnerability

Patched

A critical heap buffer underflow vulnerability has been identified in PJSIP versions prior to 2.17, specifically within the H.264 packetizer. This vulnerability arises when the packetizer processes malformed H.264 bitstreams that lack NAL unit start codes. The issue is caused by unchecked pointer arithmetic, allowing the packetizer to read memory located before the allocated buffer. As a result, this vulnerability can lead to a heap-use-after-free condition, causing applications to terminate unexpectedly.

Impact

Exploitation of this vulnerability creates a heap-use-after-free condition, which can lead to memory corruption and potentially allow for arbitrary code execution. In the context of applications using PJSIP, this vulnerability could cause the application to crash or behave erratically.

Remediation

Users can upgrade to PJSIP version 2.17, which includes the necessary patch. The patch is available in the master branch of the PJSIP GitHub repository.

Added: Feb 19, 2026, 9:09 PM

Updated: Feb 19, 2026, 9:09 PM

Vulnerability Rating

Custom Algorithm

spread

9.8

impact

2.5

exploitability

7.7

remediation

7.7

relevance

3.0

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.8

impact

2.5

exploitability

7.7

remediation

7.7

relevance

3.0

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PJSIP H.264 Packetizer Heap Buffer Underflow Vulnerability

Vulnerability

Impact

Remediation

Affected Products

PJSIP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating