CVE-2020-23903

Published: 10 November 2021

A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
speex Launchpad, Ubuntu, Debian	bionic	Released (1.2~rc1.2-1ubuntu2.1)
	focal	Released (1.2~rc1.2-1.1ubuntu1.20.04.1)
	hirsute	Ignored (reached end-of-life)
	impish	Released (1.2~rc1.2-1.1ubuntu1.21.10.1)
	jammy	Released (1.2~rc1.2-1.1ubuntu3)
	trusty	Ignored (out of standard support)
	upstream	Needs triage
	xenial	Released (1.2~rc1.2-1ubuntu1+esm1)
	Patches: upstrea: https://github.com/xiph/speex/commit/870ff845b32f314aec0036641ffe18aba4916887

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23903
https://github.com/xiph/speex/issues/13
https://ubuntu.com/security/notices/USN-5280-1
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›