Your submission was sent successfully! Close

CVE-2008-1686

Published: 8 April 2008

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Priority

Medium

Status

Package Release Status
gst-plugins-good0.10
Launchpad, Ubuntu, Debian
dapper
Released (0.10.3-0ubuntu4.1)
feisty
Released (0.10.5-1ubuntu2.1)
gutsy
Released (0.10.6-0ubuntu4.1)
hardy
Released (0.10.7-3ubuntu0.1)
intrepid Not vulnerable
(0.10.8-2)
jaunty Not vulnerable
(0.10.8-2)
karmic Not vulnerable
(0.10.8-2)
lucid Not vulnerable
(0.10.8-2)
maverick Not vulnerable
(0.10.8-2)
natty Not vulnerable
(0.10.8-2)
oneiric Not vulnerable
(0.10.8-2)
upstream
Released (0.10.8)
libfishsound
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
edgy Needed
(reached end-of-life)
feisty Needed
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy
Released (0.7.0-2.1ubuntu0.1)
intrepid Not vulnerable
(0.7.0-2.3)
jaunty Not vulnerable
(0.7.0-2.3)
karmic Not vulnerable
(0.7.0-2.3)
lucid Not vulnerable
(0.7.0-2.3)
maverick Not vulnerable
(0.7.0-2.3)
natty Not vulnerable
(0.7.0-2.3)
oneiric Not vulnerable
(0.7.0-2.3)
upstream
Released (0.7.0-2.2)
speex
Launchpad, Ubuntu, Debian
dapper
Released (1.1.11.1-1ubuntu0.3)
edgy Needed
(reached end-of-life)
feisty
Released (1.1.12-3ubuntu0.7.04.1)
gutsy
Released (1.1.12-3ubuntu0.7.10.1)
hardy
Released (1.1.12-3ubuntu0.8.04.1)
intrepid Not vulnerable
(1.2~beta3.2-1)
jaunty Not vulnerable
(1.2~beta3.2-1)
karmic Not vulnerable
(1.2~beta3.2-1)
lucid Not vulnerable
(1.2~beta3.2-1)
maverick Not vulnerable
(1.2~beta3.2-1)
natty Not vulnerable
(1.2~beta3.2-1)
oneiric Not vulnerable
(1.2~beta3.2-1)
upstream
Released (1.2beta3.2)
sweep
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
feisty Needed
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy Ignored
(reached end-of-life)
intrepid Needed
(reached end-of-life)
jaunty Not vulnerable
(0.9.3-1)
karmic Not vulnerable
(0.9.3-1)
lucid Not vulnerable
(0.9.3-1)
maverick Not vulnerable
(0.9.3-1)
natty Not vulnerable
(0.9.3-1)
oneiric Not vulnerable
(0.9.3-1)
upstream
Released (0.9.3)
vlc
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
feisty Needed
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy
Released (0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.1)
intrepid
Released (0.8.6.release.h-1ubuntu1)
jaunty
Released (0.8.6.release.h-1ubuntu1)
karmic
Released (0.8.6.release.h-1ubuntu1)
lucid
Released (0.8.6.release.h-1ubuntu1)
maverick
Released (0.8.6.release.h-1ubuntu1)
natty
Released (0.8.6.release.h-1ubuntu1)
oneiric
Released (0.8.6.release.h-1ubuntu1)
upstream Needs triage

vorbis-tools
Launchpad, Ubuntu, Debian
dapper
Released (1.1.1-3ubuntu0.1)
feisty
Released (1.1.1-6ubuntu0.1)
gutsy
Released (1.1.1-13ubuntu0.1)
hardy
Released (1.1.1-15ubuntu0.1)
intrepid
Released (1.2.0-2)
jaunty
Released (1.2.0-2)
karmic
Released (1.2.0-2)
lucid
Released (1.2.0-2)
maverick
Released (1.2.0-2)
natty
Released (1.2.0-2)
oneiric
Released (1.2.0-2)
upstream Needs triage

xine-lib
Launchpad, Ubuntu, Debian
dapper
Released (1.1.1+ubuntu2-7.9)
feisty
Released (1.1.4-2ubuntu3.1)
gutsy
Released (1.1.7-1ubuntu1.3)
hardy
Released (1.1.11.1-1ubuntu3.1)
intrepid Not vulnerable
(1.1.12-2ubuntu2)
jaunty Not vulnerable
(1.1.12-2ubuntu2)
karmic Not vulnerable
(1.1.12-2ubuntu2)
lucid Not vulnerable
(1.1.12-2ubuntu2)
maverick Not vulnerable
(1.1.12-2ubuntu2)
natty Not vulnerable
(1.1.12-2ubuntu2)
oneiric Not vulnerable
(1.1.12-2ubuntu2)
upstream
Released (1.1.12)
xmms-speex
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Needed
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream Needs triage