Vulnerabilities (CVE)

Filtered by vendor Xiph Subscribe
Filtered by product Speex
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-23904 1 Xiph 1 Speex 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
** DISPUTED ** A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program."
CVE-2020-23903 2 Fedoraproject, Xiph 2 Fedora, Speex 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
CVE-2008-1686 2 Xine, Xiph 3 Xine-lib, Libfishsound, Speex 2024-11-21 9.3 HIGH N/A
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.