CVE-2008-1686: Xine-lib vulnerability

CWE-189 | 11 documents | 8 sources

Severity: 9.3 CRITICAL (NVD)
EPSS: 5.3% (top 10.00%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 8
Latest update: May 1

Description

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (4 packages)

Debian | xiph/speex | < 1.2~beta2-1 | +3
NVD | xiph/speex | 1.1.12 | +16
NVD | xine/xine-lib | 1.1.11.1 | +12
NVD | xiph/libfishsound | 0.9.0 | +9

Patches

Vulnerability Details (3)

GHSA | GHSA-8q5j-pq4c-9v79: Array index vulnerability in Speex 1 | 2022-05-01
CVEList | CVE-2008-1686: Array index vulnerability in Speex 1 | 2008-04-08
OSV | CVE-2008-1686: Array index vulnerability in Speex 1 | 2008-04-08

Vendor Advisories (6)

Ubuntu | xine-lib vulnerabilities | 2008-08-06
Ubuntu | Speex vulnerability | 2008-05-08
Ubuntu | GStreamer Good Plugins vulnerability | 2008-05-08
Ubuntu | vorbis-tools vulnerability | 2008-05-08
Red Hat | libfishsound: insufficient boundary checks | 2008-04-10

Community (1)

Bugzilla | CVE-2008-1686 speex, libfishsound: insufficient boundary checks | 2008-04-07