CVE-2008-1686

Published: 8 April 2008

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Notes

Author	Note
jdstrand	upstream libfishsound should have a patch filed Debian bug #480059 for vorbis-tools (to hopefully get via merge in intrepid) Mandriva reference is a regression bug (and fix) for xine-lib

Priority

Status

Package	Release	Status
gst-plugins-good0.10 Launchpad, Ubuntu, Debian	dapper	Released (0.10.3-0ubuntu4.1)
	feisty	Released (0.10.5-1ubuntu2.1)
	gutsy	Released (0.10.6-0ubuntu4.1)
	hardy	Released (0.10.7-3ubuntu0.1)
	intrepid	Not vulnerable (0.10.8-2)
	jaunty	Not vulnerable (0.10.8-2)
	karmic	Not vulnerable (0.10.8-2)
	lucid	Not vulnerable (0.10.8-2)
	maverick	Not vulnerable (0.10.8-2)
	natty	Not vulnerable (0.10.8-2)
	oneiric	Not vulnerable (0.10.8-2)
	upstream	Released (0.10.8)
	Patches: vendor: http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:092 upstream: http://webcvs.freedesktop.org/gstreamer/gst-plugins-good/ext/speex/gstspeexdec.c?r1=1.40&r2=1.41
libfishsound Launchpad, Ubuntu, Debian	dapper	Ignored (reached end-of-life)
	edgy	Needed (reached end-of-life)
	feisty	Needed (reached end-of-life)
	gutsy	Needed (reached end-of-life)
	hardy	Released (0.7.0-2.1ubuntu0.1)
	intrepid	Not vulnerable (0.7.0-2.3)
	jaunty	Not vulnerable (0.7.0-2.3)
	karmic	Not vulnerable (0.7.0-2.3)
	lucid	Not vulnerable (0.7.0-2.3)
	maverick	Not vulnerable (0.7.0-2.3)
	natty	Not vulnerable (0.7.0-2.3)
	oneiric	Not vulnerable (0.7.0-2.3)
	upstream	Released (0.7.0-2.2)
speex Launchpad, Ubuntu, Debian	dapper	Released (1.1.11.1-1ubuntu0.3)
	edgy	Needed (reached end-of-life)
	feisty	Released (1.1.12-3ubuntu0.7.04.1)
	gutsy	Released (1.1.12-3ubuntu0.7.10.1)
	hardy	Released (1.1.12-3ubuntu0.8.04.1)
	intrepid	Not vulnerable (1.2~beta3.2-1)
	jaunty	Not vulnerable (1.2~beta3.2-1)
	karmic	Not vulnerable (1.2~beta3.2-1)
	lucid	Not vulnerable (1.2~beta3.2-1)
	maverick	Not vulnerable (1.2~beta3.2-1)
	natty	Not vulnerable (1.2~beta3.2-1)
	oneiric	Not vulnerable (1.2~beta3.2-1)
	upstream	Released (1.2beta3.2)
	Patches: vendor: http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:094 vendor: http://rhn.redhat.com/errata/RHSA-2008-0235.html
sweep Launchpad, Ubuntu, Debian	dapper	Ignored (reached end-of-life)
	feisty	Needed (reached end-of-life)
	gutsy	Needed (reached end-of-life)
	hardy	Ignored (reached end-of-life)
	intrepid	Needed (reached end-of-life)
	jaunty	Not vulnerable (0.9.3-1)
	karmic	Not vulnerable (0.9.3-1)
	lucid	Not vulnerable (0.9.3-1)
	maverick	Not vulnerable (0.9.3-1)
	natty	Not vulnerable (0.9.3-1)
	oneiric	Not vulnerable (0.9.3-1)
	upstream	Released (0.9.3)
vlc Launchpad, Ubuntu, Debian	dapper	Ignored (reached end-of-life)
	feisty	Needed (reached end-of-life)
	gutsy	Needed (reached end-of-life)
	hardy	Released (0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.1)
	intrepid	Released (0.8.6.release.h-1ubuntu1)
	jaunty	Released (0.8.6.release.h-1ubuntu1)
	karmic	Released (0.8.6.release.h-1ubuntu1)
	lucid	Released (0.8.6.release.h-1ubuntu1)
	maverick	Released (0.8.6.release.h-1ubuntu1)
	natty	Released (0.8.6.release.h-1ubuntu1)
	oneiric	Released (0.8.6.release.h-1ubuntu1)
	upstream	Needs triage
	Patches: other: http://trac.videolan.org/vlc/changeset/c1c81073e661f7d80197711ab11753e1e170b44c
vorbis-tools Launchpad, Ubuntu, Debian	dapper	Released (1.1.1-3ubuntu0.1)
	feisty	Released (1.1.1-6ubuntu0.1)
	gutsy	Released (1.1.1-13ubuntu0.1)
	hardy	Released (1.1.1-15ubuntu0.1)
	intrepid	Released (1.2.0-2)
	jaunty	Released (1.2.0-2)
	karmic	Released (1.2.0-2)
	lucid	Released (1.2.0-2)
	maverick	Released (1.2.0-2)
	natty	Released (1.2.0-2)
	oneiric	Released (1.2.0-2)
	upstream	Needs triage
	Patches: vendor: http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:093 upstream: https://trac.xiph.org/changeset/14701
xine-lib Launchpad, Ubuntu, Debian	dapper	Released (1.1.1+ubuntu2-7.9)
	feisty	Released (1.1.4-2ubuntu3.1)
	gutsy	Released (1.1.7-1ubuntu1.3)
	hardy	Released (1.1.11.1-1ubuntu3.1)
	intrepid	Not vulnerable (1.1.12-2ubuntu2)
	jaunty	Not vulnerable (1.1.12-2ubuntu2)
	karmic	Not vulnerable (1.1.12-2ubuntu2)
	lucid	Not vulnerable (1.1.12-2ubuntu2)
	maverick	Not vulnerable (1.1.12-2ubuntu2)
	natty	Not vulnerable (1.1.12-2ubuntu2)
	oneiric	Not vulnerable (1.1.12-2ubuntu2)
	upstream	Released (1.1.12)
	Patches: other: http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=d8e1305c13820b82d896f7bc77d196b9c9645dd6;style=raw
xmms-speex Launchpad, Ubuntu, Debian	dapper	Does not exist
	feisty	Needed (reached end-of-life)
	gutsy	Needed (reached end-of-life)
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Does not exist
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Needs triage

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Security