CVE-2008-1686
published 2008-04-08

CVE-2008-1686: Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins…

Priority: P346 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 6.14% (92.6th percentile)

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Affected

50 ranges · showing 25

Vendor | Product | Version range | Fixed in
debian | libfishsound | < libfishsound 0.7.0-2.2 (bookworm) | libfishsound 0.7.0-2.2 (bookworm)
debian | speex | < libfishsound 0.7.0-2.2 (bookworm) | libfishsound 0.7.0-2.2 (bookworm)
xine | xine-lib | <= 1.1.11.1 |
xine | xine-lib | |
xine | xine-lib | |
xine | xine-lib | |
xine | xine-lib | |
xine | xine-lib | |
xine | xine-lib | |
xine | xine-lib | |
xine | xine-lib | |
xine | xine-lib | |
xine | xine-lib | |
xine | xine-lib | |
xine | xine-lib | |
xiph | libfishsound | <= 0.9.0 |
xiph | libfishsound | |
xiph | libfishsound | |
xiph | libfishsound | |
xiph | libfishsound | |
xiph | libfishsound | |
xiph | libfishsound | |
xiph | libfishsound | |
xiph | libfishsound | |
xiph | libfishsound | |

CVSS provenance

nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C
osv | 9.3 | CRITICAL
vendor_debian | 9.3 | MEDIUM
vendor_redhat | 9.3 | CRITICAL
vendor_ubuntu | 6.8 | MEDIUM