Out-of-bounds Read in Pjsip Pjproject
CVE-2026-34235
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure…
Vulnerability class: Buffer Overflow
EPSS: 0.000 (6.4th percentile)
Affected products
- Pjsip Pjproject — versions < 2.17
Weakness classification (CWE)
References
- https://github.com/pjsip/pjproject/security/advisories/GHSA-pqrm-53pc-wx28 (x_refsource_CONFIRM)
- https://github.com/pjsip/pjproject/commit/f4c7d08211da1fe2ad1504434a0ad99d12aa7536 (x_refsource_MISC)