Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-c8c6-3vah-gqc3
Vulnerability ID VCID-c8c6-3vah-gqc3
Aliases CVE-2020-23903
Summary A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-369 Divide By Zero
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-23903.json
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2020-23903
archlinux Low https://security.archlinux.org/AVG-2544
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-23903.json
https://api.first.org/data/v1/epss?cve=CVE-2020-23903
2024250 https://bugzilla.redhat.com/show_bug.cgi?id=2024250
AVG-2544 https://security.archlinux.org/AVG-2544
RHSA-2022:7979 https://access.redhat.com/errata/RHSA-2022:7979
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-23903.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.26997
EPSS Score 0.00099
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:11:12.574379+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0