CVE-2008-1686
published 2008-04-08CVE-2008-1686: Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins…
PriorityP346critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
6.14%
92.6th percentile
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
Affected
50 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libfishsound | < libfishsound 0.7.0-2.2 (bookworm) | libfishsound 0.7.0-2.2 (bookworm) |
| debian | speex | < libfishsound 0.7.0-2.2 (bookworm) | libfishsound 0.7.0-2.2 (bookworm) |
| xine | xine-lib | <= 1.1.11.1 | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xine | xine-lib | — | — |
| xiph | libfishsound | <= 0.9.0 | — |
| xiph | libfishsound | — | — |
| xiph | libfishsound | — | — |
| xiph | libfishsound | — | — |
| xiph | libfishsound | — | — |
| xiph | libfishsound | — | — |
| xiph | libfishsound | — | — |
| xiph | libfishsound | — | — |
| xiph | libfishsound | — | — |
| xiph | libfishsound | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3MEDIUM
vendor_redhat9.3CRITICAL
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
xine-lib vulnerabilities
vendor_ubuntu·2008-08-06·CVSS 6.8
CVE-2008-0073 [MEDIUM] xine-lib vulnerabilities
Title: xine-lib vulnerabilities
Summary: xine-lib vulnerabilities
Alin Rad Pop discovered an array index vulnerability in the SDP
parser. If a user or automated system were tricked into opening a
malicious RTSP stream, a remote attacker may be able to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-0073)
Luigi Auriemma discovered that xine-lib did not properly check
buffer sizes in the RTSP header-handling code. If xine-lib opened an
RTSP stream with crafted SDP attributes, a remote attacker may be
able to execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-0225, CVE-2008-0238)
Damian Frizza and Alfredo Ortega discovered that xine-lib did not
properly validate FLAC tags. If a user or automated system were
tricked
Ubuntu
Speex vulnerability
vendor_ubuntu·2008-05-08
CVE-2008-1686 Speex vulnerability
Title: Speex vulnerability
Summary: Speex vulnerability
It was discovered that Speex did not properly validate its input when
processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service in applications linked against Speex or
possibly execute arbitrary code as the user invoking the program.
Instructions: After a standard system upgrade you need to restart applications linked against
Speex to effect the necessary changes.
Ubuntu
GStreamer Good Plugins vulnerability
vendor_ubuntu·2008-05-08
CVE-2008-1686 GStreamer Good Plugins vulnerability
Title: GStreamer Good Plugins vulnerability
Summary: GStreamer Good Plugins vulnerability
USN-611-1 fixed a vulnerability in Speex. This update provides the
corresponding update for GStreamer Good Plugins.
Original advisory details:
It was discovered that Speex did not properly validate its input when
processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service in applications linked against Speex or
possibly execute arbitrary code as the user invoking the program.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Ubuntu
vorbis-tools vulnerability
vendor_ubuntu·2008-05-08
CVE-2008-1686 vorbis-tools vulnerability
Title: vorbis-tools vulnerability
Summary: vorbis-tools vulnerability
USN-611-1 fixed a vulnerability in Speex. This update provides the
corresponding update for ogg123, part of vorbis-tools.
Original advisory details:
It was discovered that Speex did not properly validate its input when
processing Speex file headers. If a user or automated system were
tricked into opening a specially crafted Speex file, an attacker could
create a denial of service in applications linked against Speex or
possibly execute arbitrary code as the user invoking the program.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
libfishsound: insufficient boundary checks
vendor_redhat·2008-04-10·CVSS 9.3
CVE-2008-1686 [CRITICAL] libfishsound: insufficient boundary checks
libfishsound: insufficient boundary checks
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
Debian
CVE-2008-1686: libfishsound - Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0...
vendor_debian·2008·CVSS 9.3
CVE-2008-1686 [CRITICAL] CVE-2008-1686: libfishsound - Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0...
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
Scope: local
bookworm: resolved (fixed in 0.7.0-2.2)
bullseye: resolved (fixed in 0.7.0-2.2)
forky: resolved (fixed in 0.7.0-2.2)
sid: resolved (fixed in 0.7.0-2.2)
trixie: resolved (fixed in 0.7.0-2.2)
GHSA
GHSA-8q5j-pq4c-9v79: Array index vulnerability in Speex 1
ghsa_unreviewed·2022-05-01
CVE-2008-1686 [HIGH] GHSA-8q5j-pq4c-9v79: Array index vulnerability in Speex 1
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
OSV
CVE-2008-1686: Array index vulnerability in Speex 1
osv·2008-04-08·CVSS 9.3
CVE-2008-1686 [CRITICAL] CVE-2008-1686: Array index vulnerability in Speex 1
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
No detection rules found.
No public exploits indexed.
http://blog.kfish.org/2008/04/release-libfishsound-091.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.htmlhttp://lists.xiph.org/pipermail/speex-dev/2008-April/006636.htmlhttp://secunia.com/advisories/29672http://secunia.com/advisories/29727http://secunia.com/advisories/29835http://secunia.com/advisories/29845http://secunia.com/advisories/29854http://secunia.com/advisories/29866http://secunia.com/advisories/29878http://secunia.com/advisories/29880http://secunia.com/advisories/29881http://secunia.com/advisories/29882http://secunia.com/advisories/29898http://secunia.com/advisories/30104http://secunia.com/advisories/30117http://secunia.com/advisories/30119http://secunia.com/advisories/30337http://secunia.com/advisories/30353http://secunia.com/advisories/30358http://secunia.com/advisories/30581http://secunia.com/advisories/30717http://secunia.com/advisories/31393http://security.gentoo.org/glsa/glsa-200804-17.xmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836http://sourceforge.net/project/shownotes.php?release_id=592185http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655http://www.debian.org/security/2008/dsa-1584http://www.debian.org/security/2008/dsa-1585http://www.debian.org/security/2008/dsa-1586http://www.mandriva.com/security/advisories?name=MDVSA-2008:092http://www.mandriva.com/security/advisories?name=MDVSA-2008:093http://www.mandriva.com/security/advisories?name=MDVSA-2008:094http://www.mandriva.com/security/advisories?name=MDVSA-2008:124http://www.metadecks.org/software/sweep/news.htmlhttp://www.novell.com/linux/security/advisories/2008_13_sr.htmlhttp://www.ocert.org/advisories/ocert-2008-004.htmlhttp://www.ocert.org/advisories/ocert-2008-2.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0235.htmlhttp://www.securityfocus.com/archive/1/491009/100/0/threadedhttp://www.securityfocus.com/bid/28665http://www.securitytracker.com/id?1019875http://www.ubuntu.com/usn/usn-611-1http://www.ubuntu.com/usn/usn-611-2http://www.ubuntu.com/usn/usn-611-3http://www.ubuntu.com/usn/usn-635-1http://www.vupen.com/english/advisories/2008/1187/referenceshttp://www.vupen.com/english/advisories/2008/1228/referenceshttp://www.vupen.com/english/advisories/2008/1268/referenceshttp://www.vupen.com/english/advisories/2008/1269/referenceshttp://www.vupen.com/english/advisories/2008/1300/referenceshttp://www.vupen.com/english/advisories/2008/1301/referenceshttp://www.vupen.com/english/advisories/2008/1302/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41684https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.htmlhttp://blog.kfish.org/2008/04/release-libfishsound-091.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.htmlhttp://lists.xiph.org/pipermail/speex-dev/2008-April/006636.htmlhttp://secunia.com/advisories/29672http://secunia.com/advisories/29727http://secunia.com/advisories/29835http://secunia.com/advisories/29845http://secunia.com/advisories/29854http://secunia.com/advisories/29866http://secunia.com/advisories/29878http://secunia.com/advisories/29880http://secunia.com/advisories/29881http://secunia.com/advisories/29882http://secunia.com/advisories/29898http://secunia.com/advisories/30104http://secunia.com/advisories/30117http://secunia.com/advisories/30119http://secunia.com/advisories/30337http://secunia.com/advisories/30353http://secunia.com/advisories/30358http://secunia.com/advisories/30581http://secunia.com/advisories/30717http://secunia.com/advisories/31393http://security.gentoo.org/glsa/glsa-200804-17.xmlhttp://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836http://sourceforge.net/project/shownotes.php?release_id=592185http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655http://www.debian.org/security/2008/dsa-1584http://www.debian.org/security/2008/dsa-1585http://www.debian.org/security/2008/dsa-1586http://www.mandriva.com/security/advisories?name=MDVSA-2008:092http://www.mandriva.com/security/advisories?name=MDVSA-2008:093http://www.mandriva.com/security/advisories?name=MDVSA-2008:094http://www.mandriva.com/security/advisories?name=MDVSA-2008:124http://www.metadecks.org/software/sweep/news.htmlhttp://www.novell.com/linux/security/advisories/2008_13_sr.htmlhttp://www.ocert.org/advisories/ocert-2008-004.htmlhttp://www.ocert.org/advisories/ocert-2008-2.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0235.htmlhttp://www.securityfocus.com/archive/1/491009/100/0/threadedhttp://www.securityfocus.com/bid/28665http://www.securitytracker.com/id?1019875
+ 16 more references
2008-04-08
Published