SB2021111018 - Multiple vulnerabilities in Speex
Published: November 10, 2021 Updated: November 15, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Division by zero (CVE-ID: CVE-2020-23903)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error when handling .wav files. A remote attacker can trick the victim into opening a specially crafted .wav file and crash the application.
2) Input validation error (CVE-ID: CVE-2020-23904)
The vulnerability allows attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of .wav file in speexenc.c. A remote attacker can cause a denial of service (DoS) via a crafted WAV file.
Remediation
Install update from vendor's website.
References
- https://github.com/xiph/speex/issues/13
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3SEV2ZRR47GSD3M7O5PH4XEJMKJJNG2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXCRAYNW5ESCE2PIGTUXZNZHNYFLJ6PX/
- https://github.com/xiph/speex/issues/14