pjsip — Vulnerabilities & Security Advisories (38)

Browse all 38 CVE security advisories affecting pjsip. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PJSIP is an open-source multimedia communication library primarily utilized for developing Voice over IP (VoIP) applications, including softphones and SIP servers. Its widespread adoption in embedded systems and enterprise telephony solutions has resulted in a significant attack surface, evidenced by thirty-seven recorded Common Vulnerabilities and Exposures. Historically, the codebase has been susceptible to critical flaws such as remote code execution, buffer overflows, and denial-of-service conditions, often stemming from inadequate input validation and memory management errors. While not inherently insecure, its complexity and frequent updates have led to periodic security incidents where attackers exploited parsing vulnerabilities to gain unauthorized access or disrupt services. Developers are advised to prioritize regular patching and rigorous code auditing to mitigate these risks, ensuring the integrity of communication infrastructure that relies on this foundational library for real-time audio and video transmission.

Top products by pjsip: pjproject, pjmedia-video

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-42225 | GnuTLS backend silently skips certificate chain verification when verify_peer is false | pjproject | CWE-295 | 7.5 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-41416 | PJSIP: Asymmetric ptime integer overflow in Media Stream | pjproject | CWE-190 | 7.5 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-41415 | PJSIP: SIP Multipart CID URI Length Underflow | pjproject | CWE-125 | 9.1 (AI) | Critical (AI) | 2026-04-24 |
| CVE-2026-40892 | PJSIP: Stack buffer overflow in pjsip_auth_create_digest2() | pjproject | CWE-121 | 9.8 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-40614 | PJSIP: Heap buffer overflow in Opus codec decoding | pjproject | CWE-122 | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-34235 | PJSIP: Heap OOB read in VPX unpacketizer | pjproject | CWE-125 | 9.1 (AI) | Critical (AI) | 2026-03-31 |
| CVE-2026-33069 | PJSIP has an Out-of-bounds Read in SIP multipart parsing | pjproject | CWE-125 | 9.1 | - | 2026-03-20 |
| CVE-2026-32945 | PJSIP is vulnerable to Heap-based Buffer Overflow through DNS parser | pjproject | CWE-122 | 9.1 | - | 2026-03-20 |
| CVE-2026-32942 | PJSIP has ICE session use-after-free race conditions | pjproject | CWE-416 | 8.1 | - | 2026-03-20 |
| CVE-2026-28799 | PJSIP: Heap use-after-free in PJSIP presence subscription termination handler | pjproject | CWE-416 | 9.8 | - | 2026-03-06 |
| CVE-2026-29068 | PJSIP: Stack buffer overflow in Opus codec parser | pjproject | CWE-121 | 7.5 | - | 2026-03-06 |
| CVE-2026-26967 | PJSIP has a Heap-based Buffer Overflow vulnerability in its H.264 unpacketizer | pjproject | CWE-122 | 9.8 | - | 2026-02-20 |
| CVE-2026-26203 | PJSIP's pjmedia-video has use-after-free in H264 packetizer when packetizing fragmented NAL | pjmedia-video | CWE-416 | 9.1 | - | 2026-02-19 |
| CVE-2026-25994 | PJSIP has a heap buffer overflow in ICE with long username | pjproject | CWE-120 | 9.8 (AI) | Critical (AI) | 2026-02-11 |
| CVE-2025-65102 | PJSIP is vulnerable to buffer overflow in Opus PLC | pjproject | CWE-120 | 6.5 | - | 2025-11-21 |
| CVE-2023-38703 | PJSIP has use-after-free vulnerability in SRTP media transport | pjproject | CWE-416 | 9.8 | Critical | 2023-10-06 |
| CVE-2023-27585 | PJSIP security vulnerability | pjproject | CWE-122 | 7.5 | High | 2023-03-14 |
| CVE-2022-23547 | Heap buffer overflow in pjproject when decoding STUN message | pjproject | CWE-122 | 6.5 | Medium | 2022-12-23 |
| CVE-2022-23537 | PJSIP vulnerable to heap buffer overflow when decoding STUN message | pjproject | CWE-122 | 6.5 | Medium | 2022-12-20 |
| CVE-2022-39244 | Buffer overflow in pjlib scanner and pjmedia | pjproject | CWE-120 | 7.5 | High | 2022-10-06 |
| CVE-2022-39269 | Media transport downgrade from the secure version (SRTP) to non-secure (RTP) in pjsip | pjproject | CWE-319 | 9.1 | Critical | 2022-10-06 |
| CVE-2022-31031 | Potential stack buffer overflow when parsing message as a STUN client | pjproject | CWE-120 | 9.8 | Critical | 2022-06-07 |
| CVE-2022-24792 | Potential infinite loop when parsing WAV format file in PJSIP | pjproject | CWE-835 | 7.5 | High | 2022-04-25 |
| CVE-2022-24793 | Potential heap buffer overflow when parsing DNS packets in PJSIP | pjproject | CWE-120 | 7.5 | High | 2022-04-06 |
| CVE-2022-24786 | Potential out-of-bound read/write in PJSIP | pjproject | CWE-125 | 9.8 | Critical | 2022-04-06 |
| CVE-2022-24763 | Infinite Loop in PJSIP | pjproject | CWE-835 | 7.5 | High | 2022-03-30 |
| CVE-2022-24764 | Stack buffer overflow in pjproject | pjproject | CWE-120 | 7.5 | High | 2022-03-22 |
| CVE-2022-24754 | Buffer overflow in pjsip | pjproject | CWE-120 | 8.5 | High | 2022-03-11 |
| CVE-2022-23608 | Use after free in PJSIP | pjproject | CWE-416 | 8.1 | High | 2022-02-22 |
| CVE-2022-21723 | Out-of-bounds read in multipart parsing in PJSIP | pjproject | CWE-125 | 9.1 | Critical | 2022-01-27 |

This page lists every published CVE security advisory associated with pjsip. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.