Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-40614

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers (dec_frame[].buf) were allocated based on a PCM-derived formula: (sample_rate/1000) * 60 * channel_cnt * 2. At 8 kHz mono this yields only 960 bytes, but codec_parse() can output encoded frames up to MAX_ENCODED_PACKET_SIZE (1280) bytes via opus_repacketizer_out_range(). The three pj_memcpy() calls in codec_decode() copied input->size bytes without bounds checking, causing a heap buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.4%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2026-40614
  • Pjsip » Pjsip » Version: N/A
    cpe:2.3:a:pjsip:pjsip:-
  • Pjsip » Pjsip » Version: 0.5.0.1
    cpe:2.3:a:pjsip:pjsip:0.5.0.1
  • Pjsip » Pjsip » Version: 0.5.10
    cpe:2.3:a:pjsip:pjsip:0.5.10
  • Pjsip » Pjsip » Version: 0.5.10.1
    cpe:2.3:a:pjsip:pjsip:0.5.10.1
  • Pjsip » Pjsip » Version: 0.5.10.2
    cpe:2.3:a:pjsip:pjsip:0.5.10.2
  • Pjsip » Pjsip » Version: 0.5.10.3
    cpe:2.3:a:pjsip:pjsip:0.5.10.3
  • Pjsip » Pjsip » Version: 0.5.10.4
    cpe:2.3:a:pjsip:pjsip:0.5.10.4
  • Pjsip » Pjsip » Version: 0.5.2
    cpe:2.3:a:pjsip:pjsip:0.5.2
  • Pjsip » Pjsip » Version: 0.5.3
    cpe:2.3:a:pjsip:pjsip:0.5.3
  • Pjsip » Pjsip » Version: 0.5.4
    cpe:2.3:a:pjsip:pjsip:0.5.4
  • Pjsip » Pjsip » Version: 0.5.5.1
    cpe:2.3:a:pjsip:pjsip:0.5.5.1
  • Pjsip » Pjsip » Version: 0.5.6
    cpe:2.3:a:pjsip:pjsip:0.5.6
  • Pjsip » Pjsip » Version: 0.5.6.1
    cpe:2.3:a:pjsip:pjsip:0.5.6.1
  • Pjsip » Pjsip » Version: 0.5.7
    cpe:2.3:a:pjsip:pjsip:0.5.7
  • Pjsip » Pjsip » Version: 0.5.8
    cpe:2.3:a:pjsip:pjsip:0.5.8
  • Pjsip » Pjsip » Version: 0.5.9
    cpe:2.3:a:pjsip:pjsip:0.5.9
  • Pjsip » Pjsip » Version: 0.7.0
    cpe:2.3:a:pjsip:pjsip:0.7.0
  • Pjsip » Pjsip » Version: 0.8.0
    cpe:2.3:a:pjsip:pjsip:0.8.0
  • Pjsip » Pjsip » Version: 0.9.0
    cpe:2.3:a:pjsip:pjsip:0.9.0
  • Pjsip » Pjsip » Version: 1.0
    cpe:2.3:a:pjsip:pjsip:1.0
  • Pjsip » Pjsip » Version: 1.0.1
    cpe:2.3:a:pjsip:pjsip:1.0.1
  • Pjsip » Pjsip » Version: 1.0.2
    cpe:2.3:a:pjsip:pjsip:1.0.2
  • Pjsip » Pjsip » Version: 1.0.3
    cpe:2.3:a:pjsip:pjsip:1.0.3
  • Pjsip » Pjsip » Version: 1.1
    cpe:2.3:a:pjsip:pjsip:1.1
  • Pjsip » Pjsip » Version: 1.10
    cpe:2.3:a:pjsip:pjsip:1.10
  • Pjsip » Pjsip » Version: 1.12
    cpe:2.3:a:pjsip:pjsip:1.12
  • Pjsip » Pjsip » Version: 1.14
    cpe:2.3:a:pjsip:pjsip:1.14
  • Pjsip » Pjsip » Version: 1.14.2
    cpe:2.3:a:pjsip:pjsip:1.14.2
  • Pjsip » Pjsip » Version: 1.16
    cpe:2.3:a:pjsip:pjsip:1.16
  • Pjsip » Pjsip » Version: 1.2
    cpe:2.3:a:pjsip:pjsip:1.2
  • Pjsip » Pjsip » Version: 1.3
    cpe:2.3:a:pjsip:pjsip:1.3
  • Pjsip » Pjsip » Version: 1.4
    cpe:2.3:a:pjsip:pjsip:1.4
  • Pjsip » Pjsip » Version: 1.4.5
    cpe:2.3:a:pjsip:pjsip:1.4.5
  • Pjsip » Pjsip » Version: 1.5
    cpe:2.3:a:pjsip:pjsip:1.5
  • Pjsip » Pjsip » Version: 1.5.5
    cpe:2.3:a:pjsip:pjsip:1.5.5
  • Pjsip » Pjsip » Version: 1.6
    cpe:2.3:a:pjsip:pjsip:1.6
  • Pjsip » Pjsip » Version: 1.7
    cpe:2.3:a:pjsip:pjsip:1.7
  • Pjsip » Pjsip » Version: 1.8
    cpe:2.3:a:pjsip:pjsip:1.8
  • Pjsip » Pjsip » Version: 1.8.10
    cpe:2.3:a:pjsip:pjsip:1.8.10
  • Pjsip » Pjsip » Version: 1.8.5
    cpe:2.3:a:pjsip:pjsip:1.8.5
  • Pjsip » Pjsip » Version: 2.0
    cpe:2.3:a:pjsip:pjsip:2.0
  • Pjsip » Pjsip » Version: 2.0.1
    cpe:2.3:a:pjsip:pjsip:2.0.1
  • Pjsip » Pjsip » Version: 2.1
    cpe:2.3:a:pjsip:pjsip:2.1
  • Pjsip » Pjsip » Version: 2.10
    cpe:2.3:a:pjsip:pjsip:2.10
  • Pjsip » Pjsip » Version: 2.11
    cpe:2.3:a:pjsip:pjsip:2.11
  • Pjsip » Pjsip » Version: 2.11.1
    cpe:2.3:a:pjsip:pjsip:2.11.1
  • Pjsip » Pjsip » Version: 2.12
    cpe:2.3:a:pjsip:pjsip:2.12
  • Pjsip » Pjsip » Version: 2.13
    cpe:2.3:a:pjsip:pjsip:2.13
  • Pjsip » Pjsip » Version: 2.13.1
    cpe:2.3:a:pjsip:pjsip:2.13.1
  • Pjsip » Pjsip » Version: 2.14
    cpe:2.3:a:pjsip:pjsip:2.14
  • Pjsip » Pjsip » Version: 2.14.1
    cpe:2.3:a:pjsip:pjsip:2.14.1
  • Pjsip » Pjsip » Version: 2.15
    cpe:2.3:a:pjsip:pjsip:2.15
  • Pjsip » Pjsip » Version: 2.15.1
    cpe:2.3:a:pjsip:pjsip:2.15.1
  • Pjsip » Pjsip » Version: 2.16
    cpe:2.3:a:pjsip:pjsip:2.16
  • Pjsip » Pjsip » Version: 2.2
    cpe:2.3:a:pjsip:pjsip:2.2
  • Pjsip » Pjsip » Version: 2.2.1
    cpe:2.3:a:pjsip:pjsip:2.2.1
  • Pjsip » Pjsip » Version: 2.3
    cpe:2.3:a:pjsip:pjsip:2.3
  • Pjsip » Pjsip » Version: 2.4
    cpe:2.3:a:pjsip:pjsip:2.4
  • Pjsip » Pjsip » Version: 2.4.5
    cpe:2.3:a:pjsip:pjsip:2.4.5
  • Pjsip » Pjsip » Version: 2.5
    cpe:2.3:a:pjsip:pjsip:2.5
  • Pjsip » Pjsip » Version: 2.5.1
    cpe:2.3:a:pjsip:pjsip:2.5.1
  • Pjsip » Pjsip » Version: 2.5.5
    cpe:2.3:a:pjsip:pjsip:2.5.5
  • Pjsip » Pjsip » Version: 2.6
    cpe:2.3:a:pjsip:pjsip:2.6
  • Pjsip » Pjsip » Version: 2.7
    cpe:2.3:a:pjsip:pjsip:2.7
  • Pjsip » Pjsip » Version: 2.7.1
    cpe:2.3:a:pjsip:pjsip:2.7.1
  • Pjsip » Pjsip » Version: 2.7.2
    cpe:2.3:a:pjsip:pjsip:2.7.2
  • Pjsip » Pjsip » Version: 2.8
    cpe:2.3:a:pjsip:pjsip:2.8
  • Pjsip » Pjsip » Version: 2.9
    cpe:2.3:a:pjsip:pjsip:2.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved