CVE-2026-28799

High CVSS: 8.7

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17.

Vendor

Pjsip

Product

Pjsip

CWE

CWE-416

Yayın Tarihi

2026-03-06 07:16:00

Güncelleme

2026-03-10 19:44:11

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-416 Pjsip HIGH Pjsip 2026

Referanslar

https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1 https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc

Benzer Kayıtlar

Medium

CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading…

High

CVE-2026-32942

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap u…

High

CVE-2026-32945

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based…

High

CVE-2026-29068

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack b…

High

CVE-2026-26967

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a cr…

Medium

CVE-2026-26203

PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer und…