speex

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	A free codec for free speech
Version	1.2.0-3 [extra]

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2544	1.2.0-3		Medium	Vulnerable

Issue	Group	Severity	Remote	Type	Description
CVE-2020-23904	AVG-2544	Medium	Yes	Arbitrary code execution	A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
CVE-2020-23903	AVG-2544	Low	Yes	Denial of service	A divide by zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.

Issue

Group

Severity

Remote

Type

Description

CVE-2020-23904

AVG-2544

Medium

Yes

Arbitrary code execution

A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.

CVE-2020-23903

AVG-2544

Low

Yes

Denial of service

A divide by zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.