ALT-PU-2024-1843-1
Package speex updated to version 1.2.1-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Published: 2021-11-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-23903
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- https://github.com/xiph/speex/issues/13
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXCRAYNW5ESCE2PIGTUXZNZHNYFLJ6PX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3SEV2ZRR47GSD3M7O5PH4XEJMKJJNG2/
- https://github.com/xiph/speex/issues/13
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXCRAYNW5ESCE2PIGTUXZNZHNYFLJ6PX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3SEV2ZRR47GSD3M7O5PH4XEJMKJJNG2/
Published: 2021-11-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-23904
A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References: