PJSIP Integer Overflow Vulnerability in Media Stream Buffer Size Calculation

Vulnerability

An integer overflow vulnerability has been identified in the media stream component of PJSIP versions through 2.16. The issue arises when processing Session Description Protocol (SDP) data with asymmetric 'ptime' configurations, which leads to an incorrectly sized buffer allocation. This miscalculation can cause memory corruption or unexpected application crashes.
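The advisory does not reproduce the affected code, so the following is an added illustration of this class of bug and its hardened form, not PJSIP's own code. All function names, the 16-bit result type and the input bounds are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical bounds chosen for this example; not taken from PJSIP. */
#define MAX_CLOCK_RATE 192000u
#define MAX_CHANNELS   8u
#define MAX_PTIME_MS   200u

/* Unchecked form: the result is stored in 16 bits, so a large frame wraps
 * to a small value and the buffer allocated from it is too short. */
static uint16_t frame_bytes_unchecked(uint32_t rate, uint32_t ch, uint32_t ptime_ms)
{
    return (uint16_t)(rate * ptime_ms / 1000u * ch * 2u); /* 2 bytes per 16-bit sample */
}

/* Checked form: bound every SDP-derived input, compute in 64 bits, and
 * fail instead of returning a wrapped size. Returns 0 on success, -1 on reject.
 * With the bounds above the result is at most 614400 bytes. */
static int frame_bytes_checked(uint32_t rate, uint32_t ch, uint32_t ptime_ms, size_t *out)
{
    if (rate == 0 || rate > MAX_CLOCK_RATE) return -1;
    if (ch == 0 || ch > MAX_CHANNELS) return -1;
    if (ptime_ms == 0 || ptime_ms > MAX_PTIME_MS) return -1;
    *out = (size_t)((uint64_t)rate * ptime_ms / 1000u * ch * 2u);
    return 0;
}

/* One buffer shared by both directions: when the encoder and decoder use
 * different ptime values, size it for the larger frame. */
static int stream_buf_bytes(uint32_t rate, uint32_t ch, uint32_t enc_ptime_ms,
                            uint32_t dec_ptime_ms, size_t *out)
{
    size_t enc, dec;
    if (frame_bytes_checked(rate, ch, enc_ptime_ms, &enc) != 0) return -1;
    if (frame_bytes_checked(rate, ch, dec_ptime_ms, &dec) != 0) return -1;
    *out = enc > dec ? enc : dec;
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("unchecked: %u bytes\n", (unsigned)frame_bytes_unchecked(192000, 8, 200));
    if (stream_buf_bytes(48000, 2, 20, 60, &n) == 0)
        printf("checked, ptime 20/60 ms: %zu bytes\n", n);
    return 0;
}
```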

Impact

Exploitation of this vulnerability can result in memory corruption or unintended application termination.

Remediation

Users can upgrade to PJSIP version 2.17, where this vulnerability has been fixed.

Added: Apr 24, 2026, 8:54 PM
Updated: Apr 24, 2026, 8:54 PM

Vulnerability Rating

Custom Algorithm

spread: 9.8
impact: 3.1
exploitability: 8.1
remediation: 7.7
relevance: 6.6
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.