Out-of-Bounds Read in PJSIP Library Affects Communication Functionality
CVE-2026-41415

6.7 MEDIUM

Key Information:

Vendor: Pjsip

Status
Vendor
CVE Published: 24 April 2026

What is CVE-2026-41415?

The PJSIP library, widely used for multimedia communication, contains an out-of-bounds read caused by insufficient length validation when processing a malformed Content-ID URI within SIP multipart message bodies. The read can access memory beyond the intended buffer limits, potentially compromising application stability. Users are advised to upgrade to PJSIP version 2.17 to mitigate this risk.

Affected Version(s)

pjproject < 2.17

CVSS V4

Score: 6.7
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
