Heap Use-After-Free Vulnerability in PJSIP Multimedia Communication Library
CVE-2026-32942

8 HIGH

Key Information:

Vendor

Pjsip

Status
Vendor
CVE Published: 20 March 2026

What is CVE-2026-32942?

The PJSIP multimedia communication library has a heap use-after-free vulnerability in its ICE session handling. The flaw is a race condition between the destruction of a session and that session's callbacks, which can lead to memory corruption or application crashes. The vulnerability affects all PJSIP versions up to 2.16. It is fixed in version 2.17, where the relevant code was corrected so that this race no longer occurs.

Affected Version(s)

pjproject < 2.17

CVSS V4

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
