Vulnerabilities > Xiph > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-10 | CVE-2020-23903 | Divide By Zero vulnerability in multiple products A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. | 5.5 |
| 2021-11-10 | CVE-2020-23904 | Out-of-bounds Write vulnerability in Xiph Speex 1.2 A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. | 5.5 |
| 2017-07-31 | CVE-2017-11548 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xiph Libao 1.2.0 The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file. | 5.5 |
| 2017-07-31 | CVE-2017-11331 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xiph Vorbis-Tools 1.4.0 The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file. | 5.5 |