DEBIAN-CVE-2026-26203

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-26203

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-26203.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-26203

Upstream

CVE-2026-26203

Published

2026-02-19T20:25:43.113Z

Modified

2026-04-28T20:31:23.728732Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bitstreams without NAL unit start codes, where the packetizer performs unchecked pointer arithmetic that can read from memory located before the allocated buffer. Version 2.17 contains a patch for the issue.

References

https://security-tracker.debian.org/tracker/CVE-2026-26203

Affected packages

Debian:11 / asterisk

Package

Name: asterisk
Purl: pkg:deb/debian/asterisk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:16.*

1:16.16.1~dfsg-1

1:16.16.1~dfsg-1+deb11u1~bpo10+1

1:16.16.1~dfsg-1+deb11u1

1:16.16.1~dfsg-2

1:16.16.1~dfsg-3

1:16.16.1~dfsg-4

1:16.16.1~dfsg+~2.10-1

1:16.16.1~dfsg+~2.10-2

1:16.23.0~dfsg+~2.10-1

1:16.23.0~dfsg+~cs6.10.20220309-1

1:16.23.0~dfsg+~cs6.10.20220309-2

1:16.23.0~dfsg+~cs6.10.40431411-1

1:16.28.0~dfsg-0+deb11u1

1:16.28.0~dfsg-0+deb11u2

1:16.28.0~dfsg-0+deb11u3

1:16.28.0~dfsg-0+deb11u4

1:16.28.0~dfsg-0+deb11u5

1:16.28.0~dfsg-0+deb11u6

1:16.28.0~dfsg-0+deb11u7

1:16.28.0~dfsg-0+deb11u8

1:16.28.0~dfsg-0+deb11u9

1:18.*

1:18.9.0~dfsg+~cs6.10.40431411-1

1:18.10.0~dfsg+~cs6.10.40431411-1

1:18.10.0~dfsg+~cs6.10.40431411-2

1:18.10.1~dfsg+~cs6.10.40431411-1

1:18.11.1~dfsg+~cs6.10.40431413-1

1:18.11.2~dfsg+~cs6.10.40431413-1

1:18.12.0~dfsg+~cs6.12.40431413-1

1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1

1:18.14.0~dfsg+~cs6.12.40431414-1

1:20.*

1:20.0.0~~rc1~dfsg+~cs6.12.40431414-1

1:20.0.0~~rc2~dfsg+~cs6.12.40431414-1

1:20.0.0~dfsg+~cs6.12.40431414-1

1:20.0.0~dfsg+~cs6.12.40431414-2

1:20.0.1~dfsg+~cs6.12.40431414-1

1:20.1.0~~rc2~dfsg+~cs6.12.40431414-1

1:20.1.0~dfsg+~cs6.12.40431414-1

1:20.2.1~dfsg+~cs6.13.40431413-1

1:20.3.0~dfsg+~cs6.13.40431413-1

1:20.4.0~dfsg+~cs6.13.40431414-1

1:20.4.0~dfsg+~cs6.13.40431414-2

1:20.5.0~dfsg+~cs6.13.40431414-1

1:20.5.1~dfsg+~cs6.13.40431414-1

1:20.5.2~dfsg+~cs6.13.40431414-1

1:20.6.0~dfsg+~cs6.13.40431414-1

1:20.6.0~dfsg+~cs6.13.40431414-2

1:20.8.1~dfsg+~cs6.14.40431414-1

1:20.9.3~dfsg+~cs6.14.60671435-1

1:22.*

1:22.0.0~~rc2~dfsg+~cs6.14.60671435-1

1:22.0.0~dfsg+~cs6.14.60671435-1

1:22.1.0~dfsg+~cs6.14.60671435-1

1:22.1.1~dfsg+~cs6.14.60671435-1

1:22.2.0~dfsg+~cs6.15.60671435-1

1:22.2.0~dfsg+~cs6.15.60671435-2

1:22.3.0~~rc1~dfsg+~cs6.15.60671435-1

1:22.3.0~dfsg+~cs6.15.60671435-1

1:22.4.1~dfsg+~cs6.15.60671435-1

1:22.4.1~dfsg+~cs6.15.60671435-2

1:22.5.1~dfsg+~cs6.15.60671435-1

1:22.5.2~dfsg+~cs6.15.60671435-1

1:22.6.0~dfsg+~cs6.15.60671435-1

1:22.7.0~dfsg+~cs6.15.60671435-1

1:22.8.0+dfsg+~cs6.15.60671435-1

1:22.8.2+dfsg+~cs6.15.60671435-1

1:22.9.0+dfsg+~cs6.16.60671434-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-26203.json"