Buffer overflow in Pjsip Pjproject
CVE-2026-40614
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FE…
Vulnerability class: Buffer Overflow
EPSS: 0.000 (10.6th percentile)
Affected products
- Pjsip Pjproject — versions <= 2.16
Weakness classification (CWE)
References
- https://github.com/pjsip/pjproject/security/advisories/GHSA-j59p-4xrr-fp8g (x_refsource_CONFIRM)
- https://github.com/pjsip/pjproject/commit/17897e835818f8ee03b1806ddcd7b95ea16d2c0e (x_refsource_MISC)