CVE-2026-28799

Description

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17.

Affected packages (1)

• Debian/asteriskfrom 0

CVSS scores

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-28799