{"id":"CVE-2026-29068","summary":"PJSIP: Stack buffer overflow in Opus codec parser","details":"PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.","aliases":["GHSA-pqww-jrxr-457f"],"modified":"2026-04-12T20:28:23.568947Z","published":"2026-03-06T06:36:45.790Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29068.json","cwe_ids":["CWE-121"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29068.json"},{"type":"ADVISORY","url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-pqww-jrxr-457f"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29068"},{"type":"FIX","url":"https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pjsip/pjproject","events":[{"introduced":"0"},{"fixed":"6c9024511bf5307ff72efde1f90c9a2a226d8967"}]}],"versions":["2.10","2.11","2.12","2.13","2.14","2.15","2.16"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.17"}]}],"vanir_signatures":[{"signature_type":"Function","id":"CVE-2026-29068-0458fa67","digest":{"length":2417,"function_hash":"119019694950979365314884593179521721412"},"deprecated":false,"source":"https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967","target":{"function":"codec_parse","file":"pjmedia/src/pjmedia-codec/opus.c"},"signature_version":"v1"},{"signature_type":"Function","id":"CVE-2026-29068-1b18c845","digest":{"length":836,"function_hash":"19792375515768066155497353355258283027"},"deprecated":false,"source":"https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967","target":{"function":"silk_codec_parse","file":"pjmedia/src/pjmedia-codec/silk.c"},"signature_version":"v1"},{"signature_type":"Line","id":"CVE-2026-29068-4b32e2bc","digest":{"line_hashes":["145631560369800916946255313272701558671","331006947273140437506431332704532067090","100577357390364271485950520926132648748","61070961428523547661787704085583857448"],"threshold":0.9},"deprecated":false,"source":"https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967","target":{"file":"pjmedia/src/pjmedia-codec/silk.c"},"signature_version":"v1"},{"signature_type":"Line","id":"CVE-2026-29068-520e2484","digest":{"line_hashes":["236359039764110464382364782841533770276","255230986063088836017646940334553127325","201945029237111829042068265830052603993","3472471171036641877403100437216719724","92307553861743661742600858785661401764","36839618275617774926299307500259241866","294489290443583580976657872838162835155"],"threshold":0.9},"deprecated":false,"source":"https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967","target":{"file":"pjmedia/src/pjmedia-codec/speex_codec.c"},"signature_version":"v1"},{"signature_type":"Line","id":"CVE-2026-29068-9aeef6f9","digest":{"line_hashes":["132259375209488255077069753866078228344","136994932638122953230581971136437453246","195173945588599456973584471639278635947","230220917884483863429076291327803800291","41920388703280345650813287294613879188","232966878441348110269917795287137236639"],"threshold":0.9},"deprecated":false,"source":"https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967","target":{"file":"pjmedia/src/pjmedia-codec/opus.c"},"signature_version":"v1"},{"signature_type":"Function","id":"CVE-2026-29068-eab9a2ea","digest":{"length":910,"function_hash":"73151272230626437560672577928714930939"},"deprecated":false,"source":"https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967","target":{"function":"spx_codec_parse","file":"pjmedia/src/pjmedia-codec/speex_codec.c"},"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29068.json","vanir_signatures_modified":"2026-04-12T20:28:23Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}]}