CVE-2026-26967
Received Received - Intake

Heap-Based Buffer Overflow in PJSIP H.264 Unpacketizer

Vulnerability report for CVE-2026-26967, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-20

Last updated on: 2026-02-20

Assigner: GitHub, Inc.

Description

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL unit size field without validating that both bytes are within the payload buffer bounds. The vulnerability affects applications that receive video using H.264. A patch is available at https://github.com/pjsip/pjproject/commit/f821c214e52b11bae11e4cd3c7f0864538fb5491.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-20
Last Modified
2026-02-20
Generated
2026-07-06
AI Q&A
2026-02-20
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
pjsip pjsip to 2.17 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-26967 is a critical heap-based buffer overflow vulnerability in the H.264 unpacketizer component of the PJSIP multimedia communication library (version 2.16 and below).

The vulnerability occurs when processing malformed Secure Real-time Transport Protocol (SRTP) packets. Specifically, the unpacketizer reads a 2-byte NAL unit size field without verifying that both bytes are within the bounds of the payload buffer, which can lead to out-of-bounds memory access.

This improper boundary check can cause a heap buffer overflow, potentially allowing an attacker to manipulate memory in unintended ways.

Impact Analysis

This vulnerability can impact applications that receive video streams encoded with H.264 using PJSIP versions 2.16 and below.

An attacker could exploit this flaw by sending malformed SRTP packets that trigger the heap buffer overflow, potentially leading to application crashes, denial of service, or even arbitrary code execution depending on the context.

Compliance Impact

I don't know

Detection Guidance

This vulnerability occurs when processing malformed SRTP packets containing H.264 video streams, specifically due to improper validation of a 2-byte NAL unit size field. Detection would involve monitoring or analyzing network traffic for malformed SRTP packets targeting applications using PJSIP versions 2.16 and below.

Since the vulnerability is related to the H.264 unpacketizer in PJSIP, one approach is to capture SRTP traffic and inspect the payloads for malformed NAL units that could trigger the buffer overflow.

However, no specific detection commands or signatures are provided in the available resources.

Mitigation Strategies

The primary mitigation step is to update PJSIP to version 2.17 or later, which includes the patch fixing this heap-based buffer overflow vulnerability.

The patch, available in commit f821c21, adds boundary checks in the H.264 unpacketizer to prevent reading beyond the payload buffer.

Until the update can be applied, consider restricting or monitoring SRTP traffic carrying H.264 video streams to reduce exposure to malformed packets.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26967. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart