CVE-2026-40614

UNKNOWN 0.0

PJSIP: Heap buffer overflow in Opus codec decoding

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers (dec_frame[].buf) were allocated based on a PCM-derived formula: (sample_rate/1000) * 60 * channel_cnt * 2. At 8 kHz mono this yields only 960 bytes, but codec_parse() can output encoded frames up to MAX_ENCODED_PACKET_SIZE (1280) bytes via opus_repacketizer_out_range(). The three pj_memcpy() calls in codec_decode() copied input->size bytes without bounds checking, causing a heap buffer overflow.

CWE	CWE-122
Vendor	pjsip
Product	pjproject
Published	Apr 21, 2026

Stay Ahead of the Next One

Get instant alerts for pjsip pjproject

Be the first to know when new unknown vulnerabilities affecting pjsip pjproject are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

pjsip / pjproject

<= 2.16

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/pjsip/pjproject/security/advisories/GHSA-j59p-4xrr-fp8g github.com: https://github.com/pjsip/pjproject/commit/17897e835818f8ee03b1806ddcd7b95ea16d2c0e