CVE-2026-32942

Publication date 26 March 2026

Last updated 26 March 2026

Ubuntu priority

Description

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pjproject	25.10 questing	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2026-32942
https://github.com/pjsip/pjproject/security/advisories/GHSA-g88q-c2hm-q7p7
https://github.com/pjsip/pjproject/issues/1451
https://github.com/pjsip/pjproject/commit/c9caceddabda7f18337b2a82d25d65f6224b450a

CVE-2026-32942

Description

Status

References

Other references

Access our resources on patching vulnerabilities