AVG-2544 - speex - Arch Linux

issues
advisories
todo
stats
log
login

AVG-2544 log

Package	speex
Status	Vulnerable
Severity	Medium
Type	multiple issues
Affected	1.2.0-3
Fixed	Unknown
Current	1.2.0-3 [extra]
Ticket	Create
Created	Wed Nov 10 23:27:52 2021

Issue	Severity	Remote	Type	Description
CVE-2020-23904	Medium	Yes	Arbitrary code execution	A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
CVE-2020-23903	Low	Yes	Denial of service	A divide by zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.

Issue

Severity

Remote

Type

Description

CVE-2020-23904

Medium

Yes

Arbitrary code execution

A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.

CVE-2020-23903

Low

Yes

Denial of service

A divide by zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.