Out-of-bounds Read in Pjsip Pjproject
CVE-2026-33069
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsip_multipart_parse(). After boundary string matching, curptr is advanced past the delimit…
Vulnerability class: Buffer Overflow
EPSS: 0.000 (15.5th percentile)
Affected products
- Pjsip Pjproject — versions < 2.17
Weakness classification (CWE)
References
- https://github.com/pjsip/pjproject/security/advisories/GHSA-x5pq-qrp4-fmrj (x_refsource_CONFIRM)
- https://github.com/pjsip/pjproject/commit/f0fa32a226df5f87a9903093e5d145ebb69734db (x_refsource_MISC)