ByteOS Network

NVD Vulnerability Details :

CVE-2026-26203

Received

Source-security-advisories@github.com

Published At-19 Feb, 2026 | 20:25

Updated At-19 Feb, 2026 | 20:25

PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bitstreams without NAL unit start codes, where the packetizer performs unchecked pointer arithmetic that can read from memory located before the allocated buffer. Version 2.17 contains a patch for the issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.1	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 5.1

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-416	Primary	security-advisories@github.com

CWE ID: CWE-416

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/pjsip/pjproject/commit/5aee54f09d4f91538d55279d7316591b28fded6c	security-advisories@github.com	N/A
https://github.com/pjsip/pjproject/security/advisories/GHSA-p965-mf7j-gwv8	security-advisories@github.com	N/A

Hyperlink: https://github.com/pjsip/pjproject/commit/5aee54f09d4f91538d55279d7316591b28fded6c

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/pjsip/pjproject/security/advisories/GHSA-p965-mf7j-gwv8

Source: security-advisories@github.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History