CVE-2026-25994 — Classic Buffer Overflow in Pjproject

CWE-120 — Classic Buffer Overflow5 documents4 sources

Severity

8.1HIGHNVD

OSV9.8

EPSS

0.0%

top 93.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pjsip Pjproject Pjsip

Timeline

PublishedFeb 11

Latest updateMar 24

Description

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

▶Ubuntupjsip/pjproject< 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1+1

▶NVDpjsip/pjsip2.16

▶CVEListV5pjsip/pjproject2.16

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

pjproject vulnerabilities↗2026-03-24

▶

OSV

CVE-2026-25994: PJSIP is a free and open source multimedia communication library written in C↗2026-02-11

▶

📋Vendor Advisories

Ubuntu

PJSIP vulnerabilities↗2026-03-24

▶

🕵️Threat Intelligence

Wiz

CVE-2026-25994 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶