CVE-2026-29068

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-29068

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29068.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-29068

Aliases

GHSA-pqww-jrxr-457f

Downstream

DEBIAN-CVE-2026-29068

UBUNTU-CVE-2026-29068

Published

2026-03-06T06:36:45.790Z

Modified

2026-04-12T20:28:23.568947Z

Severity

8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

PJSIP: Stack buffer overflow in Opus codec parser

Details

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.

Database specific

{
    "cwe_ids": [
        "CWE-121"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29068.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/pjsip/pjproject

Affected ranges

Type: GIT
Repo: https://github.com/pjsip/pjproject
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6c9024511bf5307ff72efde1f90c9a2a226d8967

Affected versions

2.*

2.10

2.11

2.12

2.13

2.14

2.15

2.16

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2.17"
            }
        ]
    }
]

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2026-29068-0458fa67",
        "digest": {
            "length": 2417.0,
            "function_hash": "119019694950979365314884593179521721412"
        },
        "source": "https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967",
        "signature_type": "Function",
        "target": {
            "file": "pjmedia/src/pjmedia-codec/opus.c",
            "function": "codec_parse"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2026-29068-1b18c845",
        "digest": {
            "length": 836.0,
            "function_hash": "19792375515768066155497353355258283027"
        },
        "source": "https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967",
        "signature_type": "Function",
        "target": {
            "file": "pjmedia/src/pjmedia-codec/silk.c",
            "function": "silk_codec_parse"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2026-29068-4b32e2bc",
        "digest": {
            "line_hashes": [
                "145631560369800916946255313272701558671",
                "331006947273140437506431332704532067090",
                "100577357390364271485950520926132648748",
                "61070961428523547661787704085583857448"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967",
        "signature_type": "Line",
        "target": {
            "file": "pjmedia/src/pjmedia-codec/silk.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2026-29068-520e2484",
        "digest": {
            "line_hashes": [
                "236359039764110464382364782841533770276",
                "255230986063088836017646940334553127325",
                "201945029237111829042068265830052603993",
                "3472471171036641877403100437216719724",
                "92307553861743661742600858785661401764",
                "36839618275617774926299307500259241866",
                "294489290443583580976657872838162835155"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967",
        "signature_type": "Line",
        "target": {
            "file": "pjmedia/src/pjmedia-codec/speex_codec.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2026-29068-9aeef6f9",
        "digest": {
            "line_hashes": [
                "132259375209488255077069753866078228344",
                "136994932638122953230581971136437453246",
                "195173945588599456973584471639278635947",
                "230220917884483863429076291327803800291",
                "41920388703280345650813287294613879188",
                "232966878441348110269917795287137236639"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967",
        "signature_type": "Line",
        "target": {
            "file": "pjmedia/src/pjmedia-codec/opus.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2026-29068-eab9a2ea",
        "digest": {
            "length": 910.0,
            "function_hash": "73151272230626437560672577928714930939"
        },
        "source": "https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967",
        "signature_type": "Function",
        "target": {
            "file": "pjmedia/src/pjmedia-codec/speex_codec.c",
            "function": "spx_codec_parse"
        }
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29068.json"

vanir_signatures_modified

"2026-04-12T20:28:23Z"