CVE-2026-29068 — Stack-based Buffer Overflow in Pjproject

CWE-121 — Stack-based Buffer Overflow CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

8.7HIGHNVD

EPSS

0.1%

top 80.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pjsip Pjproject Pjsip

Timeline

PublishedMar 6

Description

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDpjsip/pjsip< 2.17

▶CVEListV5pjsip/pjproject< 2.17

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2026-29068: PJSIP is a free and open source multimedia communication library written in C↗2026-03-06

▶

📋Vendor Advisories

Red Hat

PJSIP: PJSIP: Denial of Service via malformed RTP payload processing↗2026-03-06

▶

🕵️Threat Intelligence

Wiz

CVE-2026-29068 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶