CVE-2026-32942

EUVD-2026-13520
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a  heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
pjsippjsip
𝑥
< 2.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/pjsip/pjproject/commit/c9caceddabda7f18337b2a82d25d65f6224b450a
https://github.com/pjsip/pjproject/issues/1451
https://github.com/pjsip/pjproject/security/advisories/GHSA-g88q-c2hm-q7p7