CVE-2026-34235
Heap Out-of-Bounds Read in PJSIP VP9 RTP Unpacketizer
Publication date: 2026-03-31
Last updated on: 2026-04-03
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| teluu | pjsip | to 2.17 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34235 is a heap out-of-bounds read vulnerability in the VP9 RTP unpacketizer component of the PJSIP multimedia communication library versions 2.16 and earlier.
The vulnerability occurs when parsing specially crafted VP9 Scalability Structure (SS) data due to insufficient bounds checking on the payload descriptor length. This flaw allows the software to read beyond the allocated RTP payload buffer on the heap, which can lead to unexpected behavior or crashes.
The issue has been fixed in version 2.17 by adding proper bounds checks to prevent out-of-bounds memory access.
A workaround for this vulnerability is to disable the VP9 codec if it is not needed.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs in PJSIP applications with video support enabled that process VP9 RTP media. Detection involves identifying if your system is running a vulnerable version of PJSIP (version 2.16 or earlier) and if VP9 codec processing is enabled.
Since the issue is a heap out-of-bounds read triggered by crafted VP9 Scalability Structure data in RTP streams, network detection could involve monitoring RTP traffic for VP9 codec usage and inspecting payloads for malformed VP9 SS data.
Specific commands are not provided in the available resources, but general approaches include:
- Check the installed PJSIP version to confirm if it is 2.16 or earlier.
- Use packet capture tools like tcpdump or Wireshark to filter RTP streams using VP9 codec.
- Analyze RTP payloads for VP9 Scalability Structure data that may be malformed or crafted.
- Review application logs for crashes or errors related to RTP media processing.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade PJSIP to version 2.17 or later, where the vulnerability has been patched.
If upgrading is not immediately possible, a recommended workaround is to disable the VP9 codec if it is not needed in your application.
How can this vulnerability impact me? :
This vulnerability can impact any PJSIP application that has video support enabled and processes VP9 RTP media.
An attacker could exploit this flaw by sending crafted VP9 Scalability Structure data, causing the application to read memory beyond its allocated buffer.
Potential impacts include application crashes, denial of service, or other unpredictable behavior due to memory corruption.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.