{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84206?format=json","vulnerability_id":"VCID-ka6b-7jag-a3dp","summary":"PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers (dec_frame[].buf) were allocated based on a PCM-derived formula: (sample_rate/1000) * 60 * channel_cnt * 2. At 8 kHz mono this yields only 960 bytes, but codec_parse() can output encoded frames up to MAX_ENCODED_PACKET_SIZE (1280) bytes via opus_repacketizer_out_range(). The three pj_memcpy() calls in codec_decode() copied input->size bytes without bounds checking, causing a heap buffer overflow.","aliases":[{"alias":"CVE-2026-40614"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126683?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=armv7&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=armv7&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/126684?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=loongarch64&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=loongarch64&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/126681?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=aarch64&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=aarch64&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/126682?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=armhf&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=armhf&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/126685?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=ppc64le&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=ppc64le&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/126686?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=riscv64&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=riscv64&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/126687?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=s390x&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=s390x&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/126688?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=x86&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=x86&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/126689?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=x86_64&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=x86_64&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/205354?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=aarch64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=aarch64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/205355?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=armhf&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=armhf&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/205356?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=armv7&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=armv7&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/205357?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=loongarch64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=loongarch64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/205358?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=ppc64le&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=ppc64le&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/205359?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=riscv64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=riscv64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/205360?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=s390x&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=s390x&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/205361?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=x86&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=x86&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/205362?format=json","purl":"pkg:apk/alpine/pjproject@2.17.0-r0?arch=x86_64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pjproject@2.17.0-r0%3Farch=x86_64&distroversion=edge&reponame=main"}],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40614","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10714","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10685","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10744","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10745","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40614"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134884","reference_id":"1134884","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134884"},{"reference_url":"https://github.com/pjsip/pjproject/commit/17897e835818f8ee03b1806ddcd7b95ea16d2c0e","reference_id":"17897e835818f8ee03b1806ddcd7b95ea16d2c0e","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T13:32:43Z/"}],"url":"https://github.com/pjsip/pjproject/commit/17897e835818f8ee03b1806ddcd7b95ea16d2c0e"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-j59p-4xrr-fp8g","reference_id":"GHSA-j59p-4xrr-fp8g","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T13:32:43Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-j59p-4xrr-fp8g"}],"weaknesses":[{"cwe_id":122,"name":"Heap-based Buffer Overflow","description":"A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc()."}],"exploits":[],"severity_range_score":"8.5 - 8.5","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ka6b-7jag-a3dp"}