PJSIP Opus Codec Heap Buffer Overflow Vulnerability

Vulnerability

A heap buffer overflow vulnerability has been identified in the PJSIP multimedia communication library, in versions through 2.16. The flaw is in the Opus audio codec decoding process, which does not adequately validate the buffer size used for audio frames. The codec can therefore receive frames larger than the allocated buffer can hold, overflowing the heap buffer and leading to memory corruption or application crashes.
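The class of check described above, as an added example (not PJSIP's code and not its 2.17 patch): before decoding, compute from the Opus TOC byte (RFC 6716) how much PCM a packet will produce and refuse it if that exceeds the destination buffer. The function names, the 48 kHz rate and the buffer sizes are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Samples per channel in one Opus frame, from the TOC byte (RFC 6716, 3.1).
 * fs is assumed to be a valid Opus rate (8000..48000 Hz). */
static int samples_per_frame(uint8_t toc, int fs)
{
    int sz = (toc >> 3) & 0x3;
    if (toc & 0x80)                      /* CELT-only: 2.5, 5, 10, 20 ms */
        return (fs << sz) / 400;
    if ((toc & 0x60) == 0x60)            /* hybrid: 10 or 20 ms */
        return (toc & 0x08) ? fs / 50 : fs / 100;
    /* SILK-only: 10, 20, 40 or 60 ms */
    return sz == 3 ? fs * 60 / 1000 : (fs << sz) / 100;
}

/* Samples per channel the whole packet decodes to, or -1 if malformed. */
static int packet_samples(const uint8_t *pkt, size_t len, int fs)
{
    int frames, total;
    if (pkt == NULL || len < 1)
        return -1;
    switch (pkt[0] & 0x3) {              /* frame-count code */
    case 0:  frames = 1; break;
    case 3:  if (len < 2) return -1;
             frames = pkt[1] & 0x3F; break;
    default: frames = 2; break;
    }
    total = frames * samples_per_frame(pkt[0], fs);
    if (frames == 0 || total * 25 > fs * 3)  /* Opus caps a packet at 120 ms */
        return -1;
    return total;
}

/* Hypothetical guard: 1 only if the decoded 16-bit PCM fits in out_cap bytes. */
int pcm_fits(const uint8_t *pkt, size_t len, int fs, int channels, size_t out_cap)
{
    int n = packet_samples(pkt, len, fs);
    if (n < 0 || channels < 1 || channels > 2)
        return 0;
    return (size_t)n * (size_t)channels * sizeof(int16_t) <= out_cap;
}

int main(void)
{
    /* Constructed packet: TOC 0xFB = CELT 20 ms, code 3; count byte = 6 frames. */
    const uint8_t pkt[] = { 0xFB, 0x06 };
    printf("fits 1920-byte buffer: %d\n", pcm_fits(pkt, sizeof pkt, 48000, 1, 1920));
    return 0;
}
```

A buffer sized for a single 20 ms mono frame (1920 bytes at 48 kHz) is too small for a valid packet that carries six such frames, which is why the capacity check has to use the packet's own frame count and duration.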

Impact

Exploitation of this vulnerability causes a heap buffer overflow. The resulting memory corruption may allow arbitrary code execution or cause the application to crash.

Remediation

Users can upgrade to PJSIP version 2.17, where this vulnerability has been patched. Alternatively, the Opus codec can be disabled to mitigate the issue.

Added: Apr 21, 2026, 8:08 PM
Updated: Apr 21, 2026, 8:08 PM

Vulnerability Rating

Custom Algorithm
spread: 9.8
impact: 3.1
exploitability: 8.8
remediation: 8.3
relevance: 6.4
threat: 3.2
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.