CVE-2008-1686

Published: 08 April 2008

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Status

Notes

upstream libfishsound should have a patch
filed Debian bug #480059 for vorbis-tools (to hopefully get via
merge in intrepid)
Mandriva reference is a regression bug (and fix) for xine-lib

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
• https://ubuntu.com/security/notices/USN-611-1
• https://ubuntu.com/security/notices/USN-611-2
• https://ubuntu.com/security/notices/USN-611-3
• https://ubuntu.com/security/notices/USN-635-1
• NVD
• Launchpad
• Debian

Bugs

• https://bugs.launchpad.net/ubuntu/+source/speex/+bug/218652
• https://qa.mandriva.com/show_bug.cgi?id=39768