CVE-2020-23903

A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.

References

Affected packages

Git / github.com/xiph/speex

Affected ranges

Type

GIT

Repo

https://github.com/xiph/speex

Events

Introduced

Last affected

7fc5f8b88519a2aafdf4b6a5c31ef3d54b560d68

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2-NA"
        }
    ]
}

Affected versions

Other

Initial

Speex-0.*

Speex-0.0.1

Speex-0.0.2

Speex-0.0.3

Speex-0.1.0

Speex-0.1.1

Speex-0.1.2

Speex-0.2.0

Speex-0.3.0

Speex-0.4.0

Speex-0.5.0

Speex-0.8

Speex-1.*

Speex-1.0

Speex-1.0beta1

Speex-1.0beta2

Speex-1.0beta3

Speex-1.0beta4

Speex-1.0rc1

Speex-1.0rc2

Speex-1.0rc3

Speex-1.1

Speex-1.1.10

Speex-1.1.11

Speex-1.1.11.1

Speex-1.1.12

Speex-1.1.2

Speex-1.1.3

Speex-1.1.4

Speex-1.1.5

Speex-1.1.6

Speex-1.1.7

Speex-1.1.8

Speex-1.1.9

Speex-1.2.0

Speex-1.2beta1

Speex-1.2beta2

Speex-1.2beta3

Speex-1.2beta3.1

Speex-1.2beta3.2

Speex-1.2rc1

Speex-1.2rc2

speex-1.*

speex-1.2beta2

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-23903.json"