QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-26967

Back to search

CVE-2026-26967

Published: Feb 20, 2026

Modified: Feb 20, 2026

PUBLISHED

Description

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL unit size field without validating that both bytes are within the payload buffer bounds. The vulnerability affects applications that receive video using H.264. A patch is available at https://github.com/pjsip/pjproject/commit/f821c214e52b11bae11e4cd3c7f0864538fb5491.

VendorProductVersions

pjsip

pjproject

affected
< f821c214e52b11bae11e4cd3c7f0864538fb5491

Weaknesses (CWE)

CWE-122

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now
CVE-2026-26967 - Security Vulnerability | QwikSec