CVE-2026-41415
PJSIP: SIP Multipart CID URI Length Underflow
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This vulnerability is fixed in 2.17.
| CWE | CWE-125 |
| Vendor | pjsip |
| Product | pjproject |
| Published | Apr 24, 2026 |
| Last Updated | Apr 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for pjsip pjproject
Be the first to know when new unknown vulnerabilities affecting pjsip pjproject are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
pjsip / pjproject
< 2.17