CVE-2020-23903

A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

https://github.com/xiph/speex/issues/13
https://github.com/xiph/speex/issues/13
FEDORA-2021-73c086ef46
FEDORA-2021-73c086ef46
FEDORA-2021-91f16837bf
FEDORA-2021-91f16837bf

Published: 2021-11-11
Modified: 2024-11-21

CVE-2020-23904

A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

https://github.com/xiph/speex/issues/14
https://github.com/xiph/speex/issues/14

Version: 2.1.0

Package speex update in sisyphus_riscv64 on 2024-03-02

ALT-PU-2024-3340-1

Closed vulnerabilities

CVE-2020-23903

CVE-2020-23904