Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2008-1686

Published: 08/04/2008 Updated: 11/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Xine

Vulnerability Summary

Array index vulnerability in Speex 1.1.12 and previous versions, as used in libfishsound 0.9.0 and previous versions, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib prior to 1.1.12, and many other products, allows remote malicious users to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Vulnerable Product Search on Vulmon Subscribe to Product

xine xine-lib 1.1.10

xine xine-lib 1.1.1

xine xine-lib 0.9.8

xine xine-lib 0.9.13

xine xine-lib

xine xine-lib 1.1.10.1

xine xine-lib 1.0

xine xine-lib 0.99

xine xine-lib 1.1.0

xine xine-lib 1.0.3a

xine xine-lib 1.1.11

xine xine-lib 1.0.2

xine xine-lib 1.0.1

xiph speex 1.1.9

xiph speex 1.1.8

xiph speex 1.0.5

xiph speex 1.0.3

xiph speex 1.1.2

xiph speex 1.1.11

xiph speex 1.1.10

xiph speex 1.1.4

xiph speex 1.1.3

xiph speex 1.1.7

xiph speex 1.1.6

xiph speex 1.1.1

xiph speex 1.0.2

xiph speex

xiph speex 1.1.11.1

xiph speex 1.0.4

xiph speex 1.1.5

xiph libfishsound 0.7.0

xiph libfishsound 0.6.3

xiph libfishsound 0.8.1

xiph libfishsound 0.8.0

xiph libfishsound 0.5.41

xiph libfishsound 0.6.2

xiph libfishsound 0.6.1

xiph libfishsound

xiph libfishsound 0.6.0

xiph libfishsound 0.5.42

Vendor Advisories

Debian CVElist Bug Report Logs: libfishsound: CVE-2008-1686 code execution via crafted header containing negative offsets
Debian Bug report logs - #475152 libfishsound: CVE-2008-1686 code execution via crafted header containing negative offsets Package: libfishsound1; Maintainer for libfishsound1 is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for libfishsound1 is src:libfishsound (PTS, buildd, popcon) Reported by: ...
Debian CVElist Bug Report Logs: vlc: CVE-2008-0073 code execution via crafted rtsp stream
Debian Bug report logs - #473057 vlc: CVE-2008-0073 code execution via crafted rtsp stream Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for vlc is src:vlc (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Fri, 28 Mar 2008 01:18:01 U ...
Ubuntu Security Notice: speex vulnerability
It was discovered that Speex did not properly validate its input when processing Speex file headers If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program ...
Ubuntu Security Notice: gst-plugins-good0.10 vulnerability
USN-611-1 fixed a vulnerability in Speex This update provides the corresponding update for GStreamer Good Plugins ...
Ubuntu Security Notice: vorbis-tools vulnerability
USN-611-1 fixed a vulnerability in Speex This update provides the corresponding update for ogg123, part of vorbis-tools ...
Ubuntu Security Notice: xine-lib vulnerabilities
Alin Rad Pop discovered an array index vulnerability in the SDP parser If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program (CVE-2008-0073) ...
Debian Security Advisories: DSA-1584-1 libfishsound -- buffer overflow
It was discovered that libfishsound, a simple programming interface that wraps XiphOrg audio codecs, didn't correctly handle negative values in a particular header field This could allow malicious files to execute arbitrary code For the stable distribution (etch), this problem has been fixed in version 070-2etch1 For the unstable distribution ...
Debian Security Advisories: DSA-1586-1 xine-lib -- multiple vulnerabilities
Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player The Common Vulnerabilities and Exposures project identifies the following three problems: CVE-2008-1482 Integer overflow vulnerabilities exist in xine's FLV, QuickTime, RealMedia, MVE and ...
Debian Security Advisories: DSA-1585-1 speex -- integer overflow
It was discovered that speex, the Speex codec command line tools, did not correctly deal with negative offsets in a particular header field This could allow a malicious file to execute arbitrary code For the stable distribution (etch), this problem has been fixed in version 1112-3etch1 We recommend that you upgrade your speex package ...

References

CWE-189http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.htmlhttp://www.ocert.org/advisories/ocert-2008-2.htmlhttp://blog.kfish.org/2008/04/release-libfishsound-091.htmlhttp://www.securityfocus.com/bid/28665http://secunia.com/advisories/29727http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655http://sourceforge.net/project/shownotes.php?release_id=592185http://secunia.com/advisories/29672http://www.ocert.org/advisories/ocert-2008-004.htmlhttp://www.metadecks.org/software/sweep/news.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.htmlhttp://security.gentoo.org/glsa/glsa-200804-17.xmlhttp://www.redhat.com/support/errata/RHSA-2008-0235.htmlhttp://www.securitytracker.com/id?1019875http://secunia.com/advisories/29835http://secunia.com/advisories/29845http://secunia.com/advisories/29854http://secunia.com/advisories/29866http://secunia.com/advisories/29878http://secunia.com/advisories/29880http://secunia.com/advisories/29881http://secunia.com/advisories/29882http://www.debian.org/security/2008/dsa-1584http://www.debian.org/security/2008/dsa-1585http://www.mandriva.com/security/advisories?name=MDVSA-2008:092http://www.mandriva.com/security/advisories?name=MDVSA-2008:093http://www.mandriva.com/security/advisories?name=MDVSA-2008:094http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836http://www.ubuntu.com/usn/usn-611-1http://www.ubuntu.com/usn/usn-611-2http://www.ubuntu.com/usn/usn-611-3http://secunia.com/advisories/29898http://secunia.com/advisories/30104http://secunia.com/advisories/30117http://secunia.com/advisories/30119http://secunia.com/advisories/30353http://secunia.com/advisories/30358http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.htmlhttp://secunia.com/advisories/31393http://secunia.com/advisories/30581http://www.novell.com/linux/security/advisories/2008_13_sr.htmlhttp://secunia.com/advisories/30717http://www.ubuntu.com/usn/usn-635-1http://www.mandriva.com/security/advisories?name=MDVSA-2008:124http://www.debian.org/security/2008/dsa-1586http://secunia.com/advisories/30337http://www.vupen.com/english/advisories/2008/1187/referenceshttp://www.vupen.com/english/advisories/2008/1269/referenceshttp://www.vupen.com/english/advisories/2008/1228/referenceshttp://www.vupen.com/english/advisories/2008/1300/referenceshttp://www.vupen.com/english/advisories/2008/1301/referenceshttp://www.vupen.com/english/advisories/2008/1268/referenceshttp://www.vupen.com/english/advisories/2008/1302/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41684https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026http://www.securityfocus.com/archive/1/491009/100/0/threadedhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475152https://usn.ubuntu.com/611-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377CVE-2024-20859CVE-2023-49606injectarbitrary CVE-2024-33788CVE-2024-30973IDORCVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook