Your submission was sent successfully! Close

CVE-2008-1686

Published: 8 April 2008

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Priority

Medium

Status

Package Release Status
gst-plugins-good0.10
Launchpad, Ubuntu, Debian 		dapper
Released (0.10.3-0ubuntu4.1)
feisty
Released (0.10.5-1ubuntu2.1)
gutsy
Released (0.10.6-0ubuntu4.1)
hardy
Released (0.10.7-3ubuntu0.1)
intrepid Not vulnerable
(0.10.8-2)
jaunty Not vulnerable
(0.10.8-2)
karmic Not vulnerable
(0.10.8-2)
lucid Not vulnerable
(0.10.8-2)
maverick Not vulnerable
(0.10.8-2)
natty Not vulnerable
(0.10.8-2)
oneiric Not vulnerable
(0.10.8-2)
upstream
Released (0.10.8)
libfishsound
Launchpad, Ubuntu, Debian 		dapper Ignored
(reached end-of-life)
edgy Needed
(reached end-of-life)
feisty Needed
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy
Released (0.7.0-2.1ubuntu0.1)
intrepid Not vulnerable
(0.7.0-2.3)
jaunty Not vulnerable
(0.7.0-2.3)
karmic Not vulnerable
(0.7.0-2.3)
lucid Not vulnerable
(0.7.0-2.3)
maverick Not vulnerable
(0.7.0-2.3)
natty Not vulnerable
(0.7.0-2.3)
oneiric Not vulnerable
(0.7.0-2.3)
upstream
Released (0.7.0-2.2)
speex
Launchpad, Ubuntu, Debian 		dapper
Released (1.1.11.1-1ubuntu0.3)
edgy Needed
(reached end-of-life)
feisty
Released (1.1.12-3ubuntu0.7.04.1)
gutsy
Released (1.1.12-3ubuntu0.7.10.1)
hardy
Released (1.1.12-3ubuntu0.8.04.1)
intrepid Not vulnerable
(1.2~beta3.2-1)
jaunty Not vulnerable
(1.2~beta3.2-1)
karmic Not vulnerable
(1.2~beta3.2-1)
lucid Not vulnerable
(1.2~beta3.2-1)
maverick Not vulnerable
(1.2~beta3.2-1)
natty Not vulnerable
(1.2~beta3.2-1)
oneiric Not vulnerable
(1.2~beta3.2-1)
upstream
Released (1.2beta3.2)
sweep
Launchpad, Ubuntu, Debian 		dapper Ignored
(reached end-of-life)
feisty Needed
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy Ignored
(reached end-of-life)
intrepid Needed
(reached end-of-life)
jaunty Not vulnerable
(0.9.3-1)
karmic Not vulnerable
(0.9.3-1)
lucid Not vulnerable
(0.9.3-1)
maverick Not vulnerable
(0.9.3-1)
natty Not vulnerable
(0.9.3-1)
oneiric Not vulnerable
(0.9.3-1)
upstream
Released (0.9.3)
vlc
Launchpad, Ubuntu, Debian 		dapper Ignored
(reached end-of-life)
feisty Needed
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy
Released (0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.1)
intrepid
Released (0.8.6.release.h-1ubuntu1)
jaunty
Released (0.8.6.release.h-1ubuntu1)
karmic
Released (0.8.6.release.h-1ubuntu1)
lucid
Released (0.8.6.release.h-1ubuntu1)
maverick
Released (0.8.6.release.h-1ubuntu1)
natty
Released (0.8.6.release.h-1ubuntu1)
oneiric
Released (0.8.6.release.h-1ubuntu1)
upstream Needs triage

vorbis-tools
Launchpad, Ubuntu, Debian 		dapper
Released (1.1.1-3ubuntu0.1)
feisty
Released (1.1.1-6ubuntu0.1)
gutsy
Released (1.1.1-13ubuntu0.1)
hardy
Released (1.1.1-15ubuntu0.1)
intrepid
Released (1.2.0-2)
jaunty
Released (1.2.0-2)
karmic
Released (1.2.0-2)
lucid
Released (1.2.0-2)
maverick
Released (1.2.0-2)
natty
Released (1.2.0-2)
oneiric
Released (1.2.0-2)
upstream Needs triage

xine-lib
Launchpad, Ubuntu, Debian 		dapper
Released (1.1.1+ubuntu2-7.9)
feisty
Released (1.1.4-2ubuntu3.1)
gutsy
Released (1.1.7-1ubuntu1.3)
hardy
Released (1.1.11.1-1ubuntu3.1)
intrepid Not vulnerable
(1.1.12-2ubuntu2)
jaunty Not vulnerable
(1.1.12-2ubuntu2)
karmic Not vulnerable
(1.1.12-2ubuntu2)
lucid Not vulnerable
(1.1.12-2ubuntu2)
maverick Not vulnerable
(1.1.12-2ubuntu2)
natty Not vulnerable
(1.1.12-2ubuntu2)
oneiric Not vulnerable
(1.1.12-2ubuntu2)
upstream
Released (1.1.12)
xmms-speex
Launchpad, Ubuntu, Debian 		dapper Does not exist

feisty Needed
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream Needs triage

Notes

AuthorNote
jdstrand 
upstream libfishsound should have a patch
filed Debian bug #480059 for vorbis-tools (to hopefully get via
merge in intrepid)
Mandriva reference is a regression bug (and fix) for xine-lib

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading