CVE-2026-41416 | THREATINT

Description

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can lead to unexpected application termination or memory corruption This vulnerability is fixed in 2.17.

PUBLISHED Reserved 2026-04-20 | Published 2026-04-24 | Updated 2026-04-27 | Assigner GitHub_M

HIGH: 8.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

Problem types

CWE-190: Integer Overflow or Wraparound

Product status

< 2.17

affected

References

github.com/...roject/security/advisories/GHSA-f33g-8hjq-62xr

github.com/...ommit/66fe416c96e957417621b7be16e9e587d159f9bb

cve.org (CVE-2026-41416)

nvd.nist.gov (CVE-2026-41416)

Download JSON