{
  "version": "1",
  "package": [
    {
      "name": "speex",
      "layer": "meta",
      "version": "1.2.1",
      "products": [
        {
          "product": "speex",
          "cvesInRecord": "Yes"
        }
      ],
      "issue": [
        {
          "id": "CVE-2008-1686",
          "summary": "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.",
          "scorev2": "9.3",
          "scorev3": "0.0",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2008-1686"
        },
        {
          "id": "CVE-2020-23903",
          "summary": "A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.",
          "scorev2": "4.3",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2020-23903"
        },
        {
          "id": "CVE-2020-23904",
          "summary": "A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states \"I cannot reproduce it\" and it \"is a demo program.",
          "scorev2": "4.3",
          "scorev3": "5.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2020-23904"
        }
      ]
    }
  ]
}