CVE-2026-34235
Received Received - Intake
Heap Out-of-Bounds Read in PJSIP VP9 RTP Unpacketizer

Publication date: 2026-03-31

Last updated on: 2026-04-03

Assigner: GitHub, Inc.

Description
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure (SS) data. Insufficient bounds checking on the payload descriptor length may cause reads beyond the allocated RTP payload buffer. This issue has been patched in version 2.17. A workaround for this issue involves disabling VP9 codec if not needed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34235
EUVD
EUVD-2026-17494
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
teluu pjsip to 2.17 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability occurs in PJSIP applications with video support enabled that process VP9 RTP media. Detection involves identifying if your system is running a vulnerable version of PJSIP (version 2.16 or earlier) and if VP9 codec processing is enabled.

Since the issue is a heap out-of-bounds read triggered by crafted VP9 Scalability Structure data in RTP streams, network detection could involve monitoring RTP traffic for VP9 codec usage and inspecting payloads for malformed VP9 SS data.

Specific commands are not provided in the available resources, but general approaches include:

  • Check the installed PJSIP version to confirm if it is 2.16 or earlier.
  • Use packet capture tools like tcpdump or Wireshark to filter RTP streams using VP9 codec.
  • Analyze RTP payloads for VP9 Scalability Structure data that may be malformed or crafted.
  • Review application logs for crashes or errors related to RTP media processing.
Mitigation Strategies

The primary mitigation is to upgrade PJSIP to version 2.17 or later, where the vulnerability has been patched.

If upgrading is not immediately possible, a recommended workaround is to disable the VP9 codec if it is not needed in your application.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-34235 is a heap out-of-bounds read vulnerability in the VP9 RTP unpacketizer component of the PJSIP multimedia communication library versions 2.16 and earlier.

The vulnerability occurs when parsing specially crafted VP9 Scalability Structure (SS) data due to insufficient bounds checking on the payload descriptor length. This flaw allows the software to read beyond the allocated RTP payload buffer on the heap, which can lead to unexpected behavior or crashes.

The issue has been fixed in version 2.17 by adding proper bounds checks to prevent out-of-bounds memory access.

A workaround for this vulnerability is to disable the VP9 codec if it is not needed.

Impact Analysis

This vulnerability can impact any PJSIP application that has video support enabled and processes VP9 RTP media.

An attacker could exploit this flaw by sending crafted VP9 Scalability Structure data, causing the application to read memory beyond its allocated buffer.

Potential impacts include application crashes, denial of service, or other unpredictable behavior due to memory corruption.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34235. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart