First published: Wed Nov 10 2021
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Xiph Speex | =1.2 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
CVE-2020-23903 is a Divide by Zero vulnerability in the function static int read_samples of Speex v1.2.
CVE-2020-23903 affects Xiph Speex v1.2 by allowing attackers to cause a denial of service (DoS) via a crafted WAV file.
CVE-2020-23903 has a severity level of medium with a CVSS score of 5.5.
To fix CVE-2020-23903 on Fedora 34, update the speex package to the latest version.
More information about CVE-2020-23903 can be found in the following references: [xiph/speex issue #13](https://github.com/xiph/speex/issues/13), [Fedora package-announce message (1)](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXCRAYNW5ESCE2PIGTUXZNZHNYFLJ6PX/), [Fedora package-announce message (2)](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3SEV2ZRR47GSD3M7O5PH4XEJMKJJNG2/)