AVG-2544 log

Package speex
Status Vulnerable
Severity Medium
Type multiple issues
Affected 1.2.0-3
Fixed Unknown
Current 1.2.0-3 [extra]
Ticket Create
Created Wed Nov 10 23:27:52 2021
Issue Severity Remote Type Description
CVE-2020-23904 Medium Yes Arbitrary code execution
A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
CVE-2020-23903 Low Yes Denial of service
A divide by zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.