cbcvebase.

Teluu Pjsip vulnerabilities

32 known vulnerabilities affecting teluu/pjsip.

Total CVEs
32
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL18HIGH10MEDIUM4

Vulnerabilities

Page 2 of 2
CVE-2026-41416P3HIGHCVSS 7.5fixed in 2.172026-04-24
CVE-2026-41416 [HIGH] CWE-190 CVE-2026-41416: PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can lead to unexpected application termination or memory corru
nvd
CVE-2022-24764P3HIGHCVSS 7.5≤ 2.122022-03-22
CVE-2022-24764 [HIGH] CWE-120 CVE-2022-24764: PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and pri PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_me
nvd
CVE-2022-24792P3HIGHCVSS 7.5≤ 2.122022-04-25
CVE-2022-24792 [HIGH] CWE-835 CVE-2022-24792: PJSIP is a free and open source multimedia communication library written in C. A denial-of-service v PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not
nvd
CVE-2022-24763P3HIGHCVSS 7.5≥ 2.5, < 2.132022-03-30
CVE-2022-24763 [HIGH] CWE-835 CVE-2022-24763: PJSIP is a free and open source multimedia communication library written in the C language. Versions PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds.
nvd
CVE-2018-1000098P3HIGHCVSS 7.5≤ 2.7.12018-03-13
CVE-2018-1000098 [HIGH] CWE-190 CVE-2018-1000098: Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsi Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.
nvd
CVE-2018-1000099P3HIGHCVSS 7.5≤ 2.7.12018-03-13
CVE-2018-1000099 [HIGH] CWE-824 CVE-2018-1000099: Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.
nvd
CVE-2017-16875P3HIGHCVSS 7.5fixed in 2.7.12017-11-17
CVE-2017-16875 [HIGH] CVE-2017-16875: An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registr
nvd
CVE-2021-41141P3HIGHCVSS 7.5≤ 2.11.12022-01-04
CVE-2021-41141 [HIGH] CWE-667 CVE-2021-41141: PJSIP is a free and open source multimedia communication library written in the C language implement PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, whic
nvd
CVE-2020-15260P3MEDIUMCVSS 6.8≤ 2.102021-03-10
CVE-2020-15260 [MEDIUM] CWE-297 CVE-2020-15260: PJSIP is a free and open source multimedia communication library written in C language implementing PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is insufficient for secure transport since it lacks remote
nvd
CVE-2026-42225P4MEDIUMCVSS 5.9fixed in 2.172026-05-07
CVE-2026-42225 [MEDIUM] CWE-295 CVE-2026-42225: PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17 PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via verify_server = PJ_TRUE or verify_client = PJ_TRUE. T
nvd
CVE-2021-21375P4MEDIUMCVSS 6.5≤ 2.102021-03-10
CVE-2021-21375 [MEDIUM] CWE-400 CVE-2021-21375: PJSIP is a free and open source multimedia communication library written in C language implementing PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This
nvd
CVE-2021-32686P4MEDIUMCVSS 5.9fixed in 2.11.12021-07-23
CVE-2021-32686 [MEDIUM] CWE-362 CVE-2021-32686: PJSIP is a free and open source multimedia communication library written in C language implementing PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group
nvd
Teluu Pjsip vulnerabilities | cvebase