216.73.216.6

CVE-2026-26967

· Published 20/02/2026 01:15 · Modified 20/02/2026 19:30

Labels: CVE-2026-26967 2026-02-20CVE-2026-26967CWE-122[email protected]

Essential information

Published
20/02/2026 01:15
Modified
20/02/2026 19:30
Author
Creator
CVSS
8.1 HIGH (v3) 8.1 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL unit size field without validating that both bytes are within the payload buffer bounds. The vulnerability affects applications that receive video using H.264. A patch is available at https://github.com/pjsip/pjproject/commit/f821c214e52b11bae11e4cd3c7f0864538fb5491.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
pjsip / pjsip cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:*

References