INFSA-2022:7979: speex security update
Information about definition
Identificator: INFSA-2022:7979
Type: security
Release date: 2025-03-05 17:06:55 UTC
Information about package
Speex is a patent-free compression format designed especially for speech. It is specialized for voice communications at low bit-rates.
Vulnerabilities description
- CVE-2020-23903
A divide-by-zero flaw was found in speex within the read_samples() at src/speexenc.c function. This flaw allows a malicious user to provide a crafted wav file and crash the speexenc utility, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2020-23903
|
no information | 5.5 | no information |
Updated packages