CVE-2008-1686

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2008-1686
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2008-04-08 18:05:00 UTC
Updated2018-10-11 20:36:00 UTC
DescriptionArray index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Risk And Classification

Problem Types: CWE-189

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Xine Xine-lib 0.9.13 All All All
Application Xine Xine-lib 0.9.8 All All All
Application Xine Xine-lib 0.99 All All All
Application Xine Xine-lib 1.0 All All All
Application Xine Xine-lib 1.0.1 All All All
Application Xine Xine-lib 1.0.2 All All All
Application Xine Xine-lib 1.0.3a All All All
Application Xine Xine-lib 1.1.0 All All All
Application Xine Xine-lib 1.1.1 All All All
Application Xine Xine-lib 1.1.10 All All All
Application Xine Xine-lib 1.1.10.1 All All All
Application Xine Xine-lib 1.1.11 All All All
Application Xine Xine-lib 0.9.13 All All All
Application Xine Xine-lib 0.9.8 All All All
Application Xine Xine-lib 0.99 All All All
Application Xine Xine-lib 1.0 All All All
Application Xine Xine-lib 1.0.1 All All All
Application Xine Xine-lib 1.0.2 All All All
Application Xine Xine-lib 1.0.3a All All All
Application Xine Xine-lib 1.1.0 All All All
Application Xine Xine-lib 1.1.1 All All All
Application Xine Xine-lib 1.1.10 All All All
Application Xine Xine-lib 1.1.10.1 All All All
Application Xine Xine-lib 1.1.11 All All All
Application Xine Xine-lib All All All All
Application Xiph Libfishsound 0.5.41 All All All
Application Xiph Libfishsound 0.5.42 All All All
Application Xiph Libfishsound 0.6.0 All All All
Application Xiph Libfishsound 0.6.1 All All All
Application Xiph Libfishsound 0.6.2 All All All
Application Xiph Libfishsound 0.6.3 All All All
Application Xiph Libfishsound 0.7.0 All All All
Application Xiph Libfishsound 0.8.0 All All All
Application Xiph Libfishsound 0.8.1 All All All
Application Xiph Libfishsound All All All All
Application Xiph Libfishsound 0.5.41 All All All
Application Xiph Libfishsound 0.5.42 All All All
Application Xiph Libfishsound 0.6.0 All All All
Application Xiph Libfishsound 0.6.1 All All All
Application Xiph Libfishsound 0.6.2 All All All
Application Xiph Libfishsound 0.6.3 All All All
Application Xiph Libfishsound 0.7.0 All All All
Application Xiph Libfishsound 0.8.0 All All All
Application Xiph Libfishsound 0.8.1 All All All
Application Xiph Speex 1.0.2 All All All
Application Xiph Speex 1.0.3 All All All
Application Xiph Speex 1.0.4 All All All
Application Xiph Speex 1.0.5 All All All
Application Xiph Speex 1.1.1 All All All
Application Xiph Speex 1.1.10 All All All
Application Xiph Speex 1.1.11 All All All
Application Xiph Speex 1.1.11.1 All All All
Application Xiph Speex 1.1.2 All All All
Application Xiph Speex 1.1.3 All All All
Application Xiph Speex 1.1.4 All All All
Application Xiph Speex 1.1.5 All All All
Application Xiph Speex 1.1.6 All All All
Application Xiph Speex 1.1.7 All All All
Application Xiph Speex 1.1.8 All All All
Application Xiph Speex 1.1.9 All All All
Application Xiph Speex 1.0.2 All All All
Application Xiph Speex 1.0.3 All All All
Application Xiph Speex 1.0.4 All All All
Application Xiph Speex 1.0.5 All All All
Application Xiph Speex 1.1.1 All All All
Application Xiph Speex 1.1.10 All All All
Application Xiph Speex 1.1.11 All All All
Application Xiph Speex 1.1.11.1 All All All
Application Xiph Speex 1.1.2 All All All
Application Xiph Speex 1.1.3 All All All
Application Xiph Speex 1.1.4 All All All
Application Xiph Speex 1.1.5 All All All
Application Xiph Speex 1.1.6 All All All
Application Xiph Speex 1.1.7 All All All
Application Xiph Speex 1.1.8 All All All
Application Xiph Speex 1.1.9 All All All
Application Xiph Speex All All All All

References

ReferenceSourceLinkTags
Gentoo update for speex - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
USN-611-2: vorbis-tools vulnerability | Ubuntu UBUNTU www.ubuntu.com
Webmail - OVH VUPEN www.vupen.com
Debian update for xine-lib - Advisories - Secunia SECUNIA secunia.com
FishSound Library Remote Speex Decoding Code Execution Vulnerability BID www.securityfocus.com Patch
IBM X-Force Exchange XF exchange.xforce.ibmcloud.com
SDL_sound Speex Header Processing Vulnerability - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
xine-lib Speex Header Processing Vulnerability - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
Fedora update for speex - Secunia Advisories - Vulnerability Intelligence - Secunia.com SECUNIA secunia.com Vendor Advisory
Ubuntu update for speex - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
[SECURITY] Fedora 8 Update: libfishsound-0.9.1-1.fc8 FEDORA www.redhat.com
Ubuntu update for gst-plugins-good0.10 - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
USN-611-1: Speex vulnerability | Ubuntu UBUNTU www.ubuntu.com
Webmail - OVH VUPEN www.vupen.com
Webmail - OVH VUPEN www.vupen.com
USN-635-1: xine-lib vulnerabilities | Ubuntu UBUNTU www.ubuntu.com
Support / Security / Advisories / / MDVSA-2008:094 | Mandriva MANDRIVA www.mandriva.com
oCERT.org - oCERT Advisories MISC www.ocert.org
oCERT.org - oCERT Advisories MISC www.ocert.org
SecurityFocus BUGTRAQ www.securityfocus.com
Debian -- Security Information -- DSA-1585-1 speex DEBIAN www.debian.org Patch
Speex Validation Flaw in Speex Decoder Lets Remote Users Execute Arbitrary Code - SecurityTracker SECTRACK www.securitytracker.com
Repository / Oval Repository OVAL oval.cisecurity.org
[SECURITY] Fedora 8 Update: speex-1.2-0.4.beta2 FEDORA www.redhat.com
About Secunia Research | Flexera SECUNIA secunia.com Vendor Advisory
Sweep Speex Header Processing Vulnerability - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
Webmail - OVH VUPEN www.vupen.com
Speex: User-assisted execution of arbitrary code — Gentoo Linux Documentation GENTOO security.gentoo.org
Ubuntu update for vorbis-tools - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
Support / Security / Advisories / / MDVSA-2008:124 | Mandriva MANDRIVA www.mandriva.com
blog.kfish.org: Release: libfishsound 0.9.1 CONFIRM blog.kfish.org
SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com SECUNIA secunia.com Vendor Advisory
Security Announcement SUSE www.novell.com
Debian update for libfishsound - Secunia Advisories - Vulnerability Intelligence - Secunia.com SECUNIA secunia.com Vendor Advisory
[security-announce] SUSE Security Summary Report SUSE-SR:2008:012 SUSE lists.opensuse.org
Red Hat update for speex - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
SourceForge.net: Files CONFIRM sourceforge.net
The Slackware Linux Project: Slackware Security Advisories SLACKWARE slackware.com
SourceForge.net: xine - a free video player: Files CONFIRM sourceforge.net
Ubuntu update for xine-lib - Secunia Advisories - Vulnerability Intelligence - Secunia.com SECUNIA secunia.com Vendor Advisory
SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com SECUNIA secunia.com
libfishsound Speex Header Processing Vulnerability - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
www.metadecks.org/software/sweep/news.html CONFIRM www.metadecks.org
[Speex-dev] libfishsound 0.9.1 Release MLIST lists.xiph.org
[SECURITY] Fedora 7 Update: speex-1.2-0.3.beta1 FEDORA www.redhat.com
Debian update for speex - Advisories - Community SECUNIA secunia.com Vendor Advisory
Fedora update for libfishsound - Advisories - Community SECUNIA secunia.com Vendor Advisory
Debian -- Security Information -- DSA-1586-1 xine-lib DEBIAN www.debian.org
Debian -- Security Information -- DSA-1584-1 libfishsound DEBIAN www.debian.org Patch
USN-611-3: GStreamer Good Plugins vulnerability | Ubuntu UBUNTU www.ubuntu.com
rhn.redhat.com | Red Hat Support REDHAT www.redhat.com
Support / Security / Advisories / / MDVSA-2008:093 | Mandriva MANDRIVA www.mandriva.com
Support / Security / Advisories / / MDVSA-2008:092 | Mandriva MANDRIVA www.mandriva.com
VLC Media Player Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com SECUNIA secunia.com Vendor Advisory
Webmail - OVH VUPEN www.vupen.com
Webmail - OVH VUPEN www.vupen.com
Webmail - OVH VUPEN www.vupen.com
vorbis-tools Speex Header Processing Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com SECUNIA secunia.com Vendor Advisory
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report