CVE-2026-28799
PJSIP: Heap use-after-free in PJSIP presence subscription termination handler
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17.
| CWE | CWE-416 |
| Vendor | pjsip |
| Product | pjproject |
| Published | Mar 6, 2026 |
| Last Updated | Mar 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for pjsip pjproject
Be the first to know when new unknown vulnerabilities affecting pjsip pjproject are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
pjsip / pjproject
< 2.17