PJSIP Out-of-Bounds Heap Read Vulnerability in SIP Multipart Parsing

Vulnerability

A cascading out-of-bounds heap read vulnerability has been identified in PJSIP versions through 2.16, within the function 'pjsip_multipart_parse()'. The issue arises after the function matches boundary strings; the pointer 'curptr' is moved past the delimiter without checking if it has reached the end of the buffer. This oversight allows adjacent bytes of heap memory to be read. Applications that handle incoming SIP messages with multipart bodies or SDP content may be affected.

Impact

Exploitation of this vulnerability leads to a moderate severity out-of-bounds heap read, allowing for the reading of 1-2 bytes from adjacent heap memory, which could potentially be leveraged in a heap exploitation scenario.

Remediation

Users can upgrade to PJSIP version 2.17, where this vulnerability has been patched.

Added: Mar 20, 2026, 9:28 AM
Updated: Mar 20, 2026, 9:28 AM

Vulnerability Rating

Custom Algorithm
spread
9.8
impact
0.6
exploitability
7.7
remediation
7.7
relevance
2.7
threat
3.2
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.