CVE-2026-32942Use After Free in Pjproject

CWE-416Use After Free3 documents3 sources
Severity
8.0HIGHNVD
EPSS
0.1%
top 82.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pjsip PjprojectPjsip
Timeline
PublishedMar 20

Description

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDpjsip/pjsip< 2.17
CVEListV5pjsip/pjproject< 2.17

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
OSV
CVE-2026-32942: PJSIP is a free and open source multimedia communication library written in C2026-03-20

🕵️Threat Intelligence

1
Wiz
CVE-2026-32942 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-32942 — Use After Free in Pjsip Pjproject | cvebase