// For flags

CVE-2020-23903

speex: divide by zero in read_samples() via crafted WAV file

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.

Una vulnerabilidad de división por cero en la función static int read_samples de Speex versión v1.2, permite a atacantes causar una denegación de servicio (DoS) por medio de un archivo WAV diseñado

A divide-by-zero flaw was found in speex within the read_samples() at src/speexenc.c function. This flaw allows a malicious user to provide a crafted wav file and crash the speexenc utility, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-08-13 CVE Reserved
  • 2021-11-10 CVE Published
  • 2024-07-26 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-369: Divide By Zero
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Xiph
Search vendor "Xiph"
Speex
Search vendor "Xiph" for product "Speex"
1.2
Search vendor "Xiph" for product "Speex" and version "1.2"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
34
Search vendor "Fedoraproject" for product "Fedora" and version "34"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
35
Search vendor "Fedoraproject" for product "Fedora" and version "35"
-
Affected