{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.17" } ] } ] }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "6c9024511bf5307ff72efde1f90c9a2a226d8967" } ], "repo": "https://github.com/pjsip/pjproject", "type": "GIT" } ] } ], "aliases": [ "GHSA-pqww-jrxr-457f" ], "database_specific": { "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-121" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29068.json" }, "details": "PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.", "id": "CVE-2026-29068", "modified": "2026-04-01T23:07:47.274588148Z", "published": "2026-03-06T06:36:45.790Z", "references": [ { "type": "ADVISORY", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29068.json" }, { "type": "ADVISORY", "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-pqww-jrxr-457f" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29068" }, { "type": "FIX", "url": "https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967" } ], "schema_version": "1.7.3", "severity": [ { "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "type": "CVSS_V4" } ], "summary": "PJSIP: Stack buffer overflow in Opus codec parser" }