CVE-2026-26967
Heap-Based Buffer Overflow in PJSIP H.264 Unpacketizer
Publication date: 2026-02-20
Last updated on: 2026-02-20
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pjsip | pjsip | to 2.17 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-26967 is a critical heap-based buffer overflow vulnerability in the H.264 unpacketizer component of the PJSIP multimedia communication library (version 2.16 and below).
The vulnerability occurs when processing malformed Secure Real-time Transport Protocol (SRTP) packets. Specifically, the unpacketizer reads a 2-byte NAL unit size field without verifying that both bytes are within the bounds of the payload buffer, which can lead to out-of-bounds memory access.
This improper boundary check can cause a heap buffer overflow, potentially allowing an attacker to manipulate memory in unintended ways.
How can this vulnerability impact me? :
This vulnerability can impact applications that receive video streams encoded with H.264 using PJSIP versions 2.16 and below.
An attacker could exploit this flaw by sending malformed SRTP packets that trigger the heap buffer overflow, potentially leading to application crashes, denial of service, or even arbitrary code execution depending on the context.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when processing malformed SRTP packets containing H.264 video streams, specifically due to improper validation of a 2-byte NAL unit size field. Detection would involve monitoring or analyzing network traffic for malformed SRTP packets targeting applications using PJSIP versions 2.16 and below.
Since the vulnerability is related to the H.264 unpacketizer in PJSIP, one approach is to capture SRTP traffic and inspect the payloads for malformed NAL units that could trigger the buffer overflow.
However, no specific detection commands or signatures are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update PJSIP to version 2.17 or later, which includes the patch fixing this heap-based buffer overflow vulnerability.
The patch, available in commit f821c21, adds boundary checks in the H.264 unpacketizer to prevent reading beyond the payload buffer.
Until the update can be applied, consider restricting or monitoring SRTP traffic carrying H.264 video streams to reduce exposure to malformed packets.