Vulnerabilities > Xiph > Speex
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-10 | CVE-2020-23903 | Divide By Zero vulnerability in multiple products A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. | 5.5 |
| 2021-11-10 | CVE-2020-23904 | Out-of-bounds Write vulnerability in Xiph Speex 1.2 A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. | 5.5 |
| 2008-04-08 | CVE-2008-1686 | Numeric Errors vulnerability in multiple products Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. | 9.3 |