3 matches found
CVE-2020-23903
CVE-2020-23903 is a divide-by-zero DoS in Speex v1.2 (function read_samples) exploitable via a crafted WAV file. Connected docs confirm the vulnerability, its impact (DoS/crash), and mitigations such as patched releases (e.g., IBM Cloud Pak components at 5.0.1, AlmaLinux patch ALSA-2022-7979, Mag...
CVE-2008-1686
CVE-2008-1686 is an array-index dereference vulnerability in the Speex library (and tied components like xine-lib) that allows a remote attacker to execute arbitrary code by processing crafted Speex headers containing a negative offset. The issue affects Speex 1.1.12 and earlier and is reported a...
CVE-2020-23904
CVE-2020-23904 affects Speex v1.2, with a stack-based buffer overflow in speexenc.c triggered by a crafted WAV file. The vulnerability can lead to a denial of service. The vendor notes inability to reproduce it and describes Speex as a demo program, which implies limited or unverified exploit pra...