CVE-2026-41416

UNKNOWN 0.0

PJSIP: Asymmetric ptime integer overflow in Media Stream

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can lead to unexpected application termination or memory corruption This vulnerability is fixed in 2.17.

CWE	CWE-190
Vendor	pjsip
Product	pjproject
Published	Apr 24, 2026

Stay Ahead of the Next One

Get instant alerts for pjsip pjproject

Be the first to know when new unknown vulnerabilities affecting pjsip pjproject are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

pjsip / pjproject

< 2.17

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/pjsip/pjproject/security/advisories/GHSA-f33g-8hjq-62xr github.com: https://github.com/pjsip/pjproject/commit/66fe416c96e957417621b7be16e9e587d159f9bb