CVE-2008-1686

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-1686
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://blog.kfish.org/2008/04/release-libfishsound-091.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html
http://secunia.com/advisories/29672 Vendor Advisory
http://secunia.com/advisories/29727 Vendor Advisory
http://secunia.com/advisories/29835 Vendor Advisory
http://secunia.com/advisories/29845 Vendor Advisory
http://secunia.com/advisories/29854 Vendor Advisory
http://secunia.com/advisories/29866 Vendor Advisory
http://secunia.com/advisories/29878 Vendor Advisory
http://secunia.com/advisories/29880 Vendor Advisory
http://secunia.com/advisories/29881 Vendor Advisory
http://secunia.com/advisories/29882 Vendor Advisory
http://secunia.com/advisories/29898 Vendor Advisory
http://secunia.com/advisories/30104 Vendor Advisory
http://secunia.com/advisories/30117 Vendor Advisory
http://secunia.com/advisories/30119 Vendor Advisory
http://secunia.com/advisories/30337
http://secunia.com/advisories/30353 Vendor Advisory
http://secunia.com/advisories/30358 Vendor Advisory
http://secunia.com/advisories/30581 Vendor Advisory
http://secunia.com/advisories/30717
http://secunia.com/advisories/31393 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200804-17.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836
http://sourceforge.net/project/shownotes.php?release_id=592185
http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
http://www.debian.org/security/2008/dsa-1584 Patch
http://www.debian.org/security/2008/dsa-1585 Patch
http://www.debian.org/security/2008/dsa-1586
http://www.mandriva.com/security/advisories?name=MDVSA-2008:092
http://www.mandriva.com/security/advisories?name=MDVSA-2008:093
http://www.mandriva.com/security/advisories?name=MDVSA-2008:094
http://www.mandriva.com/security/advisories?name=MDVSA-2008:124
http://www.metadecks.org/software/sweep/news.html
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://www.ocert.org/advisories/ocert-2008-004.html
http://www.ocert.org/advisories/ocert-2008-2.html
http://www.redhat.com/support/errata/RHSA-2008-0235.html
http://www.securityfocus.com/archive/1/491009/100/0/threaded
http://www.securityfocus.com/bid/28665 Patch
http://www.securitytracker.com/id?1019875
http://www.ubuntu.com/usn/usn-611-1
http://www.ubuntu.com/usn/usn-611-2
http://www.ubuntu.com/usn/usn-611-3
http://www.ubuntu.com/usn/usn-635-1
http://www.vupen.com/english/advisories/2008/1187/references
http://www.vupen.com/english/advisories/2008/1228/references
http://www.vupen.com/english/advisories/2008/1268/references
http://www.vupen.com/english/advisories/2008/1269/references
http://www.vupen.com/english/advisories/2008/1300/references
http://www.vupen.com/english/advisories/2008/1301/references
http://www.vupen.com/english/advisories/2008/1302/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41684
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:xiph:speex:*:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.11.1:*:*:*:*:*:*:*
OR cpe:2.3:a:xiph:libfishsound:*:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.5.41:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.5.42:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.8.1:*:*:*:*:*:*:*
History

No history.

Information

Published : 2008-04-08 18:05

Updated : 2024-02-28 11:21

NVD link : CVE-2008-1686

Mitre link : CVE-2008-1686

CVE.ORG link : CVE-2008-1686

JSON object : View

Products Affected

xiph

  • speex
  • libfishsound

xine

  • xine-lib
CWE
CWE-189

Numeric Errors


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024