PJSIP: Asymmetric ptime integer overflow in Media Stream_CVE-2026-41416

8.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

Description

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can lead to unexpected application termination or memory corruption This vulnerability is fixed in 2.17.

Basic Information

ID CVE-2026-41416

Source GitHub_M

Published Apr 24, 2026 at 18:40

Affected Product

Vendor pjsip

Product pjproject

Version < 2.17

Affected Versions pjsip pjproject < 2.17

CWE Classification

CWE-190

References

{
    "lastseen": "",
    "description": "PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can lead to unexpected application termination or memory corruption This vulnerability is fixed in 2.17.",
    "published": "2026-04-24T18:40:08.349Z",
    "modified": "2026-04-24T18:40:08.349Z",
    "type": "cve",
    "title": "PJSIP: Asymmetric ptime integer overflow in Media Stream",
    "source": "GitHub_M",
    "references": "https://github.com/pjsip/pjproject/security/advisories/GHSA-f33g-8hjq-62xr\nhttps://github.com/pjsip/pjproject/commit/66fe416c96e957417621b7be16e9e587d159f9bb",
    "id": "CVE-2026-41416",
    "bulletinFamily": "",
    "cwe": [
        "CWE-190"
    ],
    "cvelist": null,
    "sourceData": "pjsip pjproject < 2.17",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "pjproject",
    "version": "< 2.17",
    "vendor": "pjsip",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}