CVE-2026-32942
8.1
HIGH
CVSS 3.1
EPSS 0.06%
Description
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17.
How to fix CVE-2026-32942
To remediate CVE-2026-32942, upgrade the affected package to a fixed version below.
- Alpine/pjproject—upgrade to 2.17.0-r0 or later
- —no fix listed
Is CVE-2026-32942 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.17.0-r0
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |