Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to xiph - libfishsound

Vulnerability from fkie_nvd

Published

2008-04-08 18:05

Modified

2024-11-21 00:45

Severity ?

Summary

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

References

URL	Tags
cve@mitre.org	http://blog.kfish.org/2008/04/release-libfishsound-091.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
cve@mitre.org	http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html
cve@mitre.org	http://secunia.com/advisories/29672	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29727	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29835	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29845	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29854	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29866	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29878	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29880	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29881	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29882	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29898	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30104	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30117	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30119	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30337
cve@mitre.org	http://secunia.com/advisories/30353	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30358	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30581	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30717
cve@mitre.org	http://secunia.com/advisories/31393	Vendor Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200804-17.xml
cve@mitre.org	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=592185
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
cve@mitre.org	http://www.debian.org/security/2008/dsa-1584	Patch
cve@mitre.org	http://www.debian.org/security/2008/dsa-1585	Patch
cve@mitre.org	http://www.debian.org/security/2008/dsa-1586
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:092
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:093
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:094
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:124
cve@mitre.org	http://www.metadecks.org/software/sweep/news.html
cve@mitre.org	http://www.novell.com/linux/security/advisories/2008_13_sr.html
cve@mitre.org	http://www.ocert.org/advisories/ocert-2008-004.html
cve@mitre.org	http://www.ocert.org/advisories/ocert-2008-2.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0235.html
cve@mitre.org	http://www.securityfocus.com/archive/1/491009/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/28665	Patch
cve@mitre.org	http://www.securitytracker.com/id?1019875
cve@mitre.org	http://www.ubuntu.com/usn/usn-611-1
cve@mitre.org	http://www.ubuntu.com/usn/usn-611-2
cve@mitre.org	http://www.ubuntu.com/usn/usn-611-3
cve@mitre.org	http://www.ubuntu.com/usn/usn-635-1
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1187/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1228/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1268/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1269/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1300/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1301/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1302/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41684
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html
af854a3a-2127-422b-91ae-364da2661108	http://blog.kfish.org/2008/04/release-libfishsound-091.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29672	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29727	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29835	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29845	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29854	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29866	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29878	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29880	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29881	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29882	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29898	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30104	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30117	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30119	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30337
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30353	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30358	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30581	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30717
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31393	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200804-17.xml
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=592185
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1584	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1585	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1586
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:092
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:093
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:094
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:124
af854a3a-2127-422b-91ae-364da2661108	http://www.metadecks.org/software/sweep/news.html
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2008_13_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.ocert.org/advisories/ocert-2008-004.html
af854a3a-2127-422b-91ae-364da2661108	http://www.ocert.org/advisories/ocert-2008-2.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0235.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/491009/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28665	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019875
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-611-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-611-2
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-611-3
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-635-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1187/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1228/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1268/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1269/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1300/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1301/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1302/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41684
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html

Impacted products

Vendor	Product	Version
xine	xine-lib	*
xine	xine-lib	0.9.8
xine	xine-lib	0.9.13
xine	xine-lib	0.99
xine	xine-lib	1.0
xine	xine-lib	1.0.1
xine	xine-lib	1.0.2
xine	xine-lib	1.0.3a
xine	xine-lib	1.1.0
xine	xine-lib	1.1.1
xine	xine-lib	1.1.10
xine	xine-lib	1.1.10.1
xine	xine-lib	1.1.11
xiph	speex	*
xiph	speex	1.0.2
xiph	speex	1.0.3
xiph	speex	1.0.4
xiph	speex	1.0.5
xiph	speex	1.1.1
xiph	speex	1.1.2
xiph	speex	1.1.3
xiph	speex	1.1.4
xiph	speex	1.1.5
xiph	speex	1.1.6
xiph	speex	1.1.7
xiph	speex	1.1.8
xiph	speex	1.1.9
xiph	speex	1.1.10
xiph	speex	1.1.11
xiph	speex	1.1.11.1
xiph	libfishsound	*
xiph	libfishsound	0.5.41
xiph	libfishsound	0.5.42
xiph	libfishsound	0.6.0
xiph	libfishsound	0.6.1
xiph	libfishsound	0.6.2
xiph	libfishsound	0.6.3
xiph	libfishsound	0.7.0
xiph	libfishsound	0.8.0
xiph	libfishsound	0.8.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4432BC00-44D6-4ED9-B642-1BF8C81B6EAD",
              "versionEndIncluding": "1.1.11.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB839B0-408E-4D96-B576-D9300082B7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xiph:speex:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C3B238B-BE7C-4912-A56A-95DE5051846E",
              "versionEndIncluding": "1.1.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BC5FA0-E710-42D4-8BF0-4D30BC44C833",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8789D167-6DF2-46B7-ABA2-717E141738BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B93DC9BF-7CA8-4729-9A3D-F1CB711E1D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04629EA-2BE2-42D5-9AC7-DDC7AB1818FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3873FDB9-80A9-4968-B0DC-84201AE1C78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7339D59-8049-4172-BB68-134F9B50E896",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D762BB7-7A35-4D2A-9EC7-A328197F1EAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "46825B5B-B8A2-4FEB-991D-F2AE174A8C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D3BC3CC-07AA-445F-8913-E1FABC60C2AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ACE9F82-E352-47C7-BA34-C97E4FB759FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CFF577A-41DB-49B8-BA00-00650DA10DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9655A71E-C2E4-4003-BBA7-05BD29375621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E545096-41AC-4DF0-92B4-747CC1F1FE0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E27446-B68B-4213-9FD1-3C3A8941BA24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0B0BC2-C155-460B-A8CB-0CF0C04896BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:speex:1.1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA06646-FCDF-427D-84B1-99D8C6889CC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xiph:libfishsound:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68C981F1-832E-46A5-99CB-ECC3B46D21DD",
              "versionEndIncluding": "0.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:libfishsound:0.5.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE5D47C5-1171-4A95-82CC-DA965D893F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:libfishsound:0.5.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "585368E9-36BB-45F6-A427-AF8578AA9347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:libfishsound:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72C4DD65-8354-40DE-B05F-6742A67C8BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:libfishsound:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55901750-2FB5-4C4E-A1C9-8204D16FEBC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:libfishsound:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "022A0430-895C-46EA-A0C6-BA7492443901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:libfishsound:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CCA2B56-BB40-40AD-97F8-3AFCD2A66C1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:libfishsound:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C7D68C-FEA1-4DC6-9FC4-A32AF894472C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:libfishsound:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B42ED6-243E-427D-86F3-46EEC0DF282D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xiph:libfishsound:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30743A63-4AA4-4812-9026-04A8FC1308ED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de \u00edndice de matriz en Speex versi\u00f3n 1.1.12 y anteriores, tal y como es usado en libfishsound versi\u00f3n 0.9.0 y anteriores, incluyendo Illiminable DirectShow Filters y Annodex Plugins para Firefox, xine-lib versiones anteriores a 1.1.12, y muchos otros productos, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una estructura de encabezado que contiene un desplazamiento negativo, que se utiliza para desreferenciar un puntero de funci\u00f3n."
    }
  ],
  "id": "CVE-2008-1686",
  "lastModified": "2024-11-21T00:45:05.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-04-08T18:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29672"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29727"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29835"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29845"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29854"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29866"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29878"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29880"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29881"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29882"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29898"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30104"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30117"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30119"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30337"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30353"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30358"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30581"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30717"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31393"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200804-17.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=592185"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1584"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1585"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1586"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.metadecks.org/software/sweep/news.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ocert.org/advisories/ocert-2008-004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ocert.org/advisories/ocert-2008-2.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28665"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019875"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-611-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-611-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-611-3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-635-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1187/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1228/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1268/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1269/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1300/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1301/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1302/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29672"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29845"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200804-17.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=592185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.metadecks.org/software/sweep/news.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ocert.org/advisories/ocert-2008-004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ocert.org/advisories/ocert-2008-2.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-611-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-611-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-611-3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-635-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1187/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1228/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1268/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1269/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1300/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1301/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1302/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2008-1686

Vulnerability from cvelistv5

Published

2008-04-08 18:00

Modified

2024-08-07 08:32

Severity ?

Summary

References

▼	URL	Tags
	http://www.ubuntu.com/usn/usn-611-1	vendor-advisory, x_refsource_UBUNTU
	http://sourceforge.net/project/shownotes.php?release_id=592185	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/491009/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/1302/references	vdb-entry, x_refsource_VUPEN
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:124	vendor-advisory, x_refsource_MANDRIVA
	http://www.securitytracker.com/id?1019875	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/29878	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29898	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2008/1269/references	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/29866	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2008/dsa-1586	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/30117	third-party-advisory, x_refsource_SECUNIA
	http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/30104	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1300/references	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/29727	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1301/references	vdb-entry, x_refsource_VUPEN
	http://www.ubuntu.com/usn/usn-611-3	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/29672	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2008/dsa-1585	vendor-advisory, x_refsource_DEBIAN
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:092	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/30353	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/41684	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/29835	third-party-advisory, x_refsource_SECUNIA
	http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655	x_refsource_CONFIRM
	http://secunia.com/advisories/29880	third-party-advisory, x_refsource_SECUNIA
	http://blog.kfish.org/2008/04/release-libfishsound-091.html	x_refsource_CONFIRM
	http://secunia.com/advisories/31393	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026	vdb-entry, signature, x_refsource_OVAL
	http://www.ocert.org/advisories/ocert-2008-2.html	x_refsource_MISC
	http://www.vupen.com/english/advisories/2008/1228/references	vdb-entry, x_refsource_VUPEN
	http://www.debian.org/security/2008/dsa-1584	vendor-advisory, x_refsource_DEBIAN
	http://www.ocert.org/advisories/ocert-2008-004.html	x_refsource_MISC
	http://www.vupen.com/english/advisories/2008/1268/references	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/29845	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-611-2	vendor-advisory, x_refsource_UBUNTU
	http://www.redhat.com/support/errata/RHSA-2008-0235.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/30358	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29854	third-party-advisory, x_refsource_SECUNIA
	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836	vendor-advisory, x_refsource_SLACKWARE
	http://www.vupen.com/english/advisories/2008/1187/references	vdb-entry, x_refsource_VUPEN
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:094	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/29881	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:093	vendor-advisory, x_refsource_MANDRIVA
	http://security.gentoo.org/glsa/glsa-200804-17.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/30119	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/28665	vdb-entry, x_refsource_BID
	http://www.metadecks.org/software/sweep/news.html	x_refsource_CONFIRM
	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html	vendor-advisory, x_refsource_FEDORA
	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/29882	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-635-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/30337	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30581	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2008_13_sr.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/30717	third-party-advisory, x_refsource_SECUNIA

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:32:01.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-611-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-611-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=592185"
          },
          {
            "name": "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded"
          },
          {
            "name": "ADV-2008-1302",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1302/references"
          },
          {
            "name": "MDVSA-2008:124",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124"
          },
          {
            "name": "1019875",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019875"
          },
          {
            "name": "29878",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29878"
          },
          {
            "name": "29898",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29898"
          },
          {
            "name": "FEDORA-2008-3103",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html"
          },
          {
            "name": "ADV-2008-1269",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1269/references"
          },
          {
            "name": "29866",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29866"
          },
          {
            "name": "DSA-1586",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1586"
          },
          {
            "name": "30117",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30117"
          },
          {
            "name": "[Speex-dev] 20080406 libfishsound 0.9.1 Release",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html"
          },
          {
            "name": "30104",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30104"
          },
          {
            "name": "ADV-2008-1300",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1300/references"
          },
          {
            "name": "29727",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29727"
          },
          {
            "name": "ADV-2008-1301",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1301/references"
          },
          {
            "name": "USN-611-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-611-3"
          },
          {
            "name": "29672",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29672"
          },
          {
            "name": "SUSE-SR:2008:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
          },
          {
            "name": "DSA-1585",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1585"
          },
          {
            "name": "MDVSA-2008:092",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092"
          },
          {
            "name": "30353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30353"
          },
          {
            "name": "fishsound-libfishsound-speex-bo(41684)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684"
          },
          {
            "name": "29835",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29835"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655"
          },
          {
            "name": "29880",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29880"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html"
          },
          {
            "name": "31393",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31393"
          },
          {
            "name": "oval:org.mitre.oval:def:10026",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2008-2.html"
          },
          {
            "name": "ADV-2008-1228",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1228/references"
          },
          {
            "name": "DSA-1584",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1584"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2008-004.html"
          },
          {
            "name": "ADV-2008-1268",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1268/references"
          },
          {
            "name": "29845",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29845"
          },
          {
            "name": "USN-611-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-611-2"
          },
          {
            "name": "RHSA-2008:0235",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html"
          },
          {
            "name": "30358",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30358"
          },
          {
            "name": "29854",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29854"
          },
          {
            "name": "SSA:2008-111-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836"
          },
          {
            "name": "ADV-2008-1187",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1187/references"
          },
          {
            "name": "MDVSA-2008:094",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094"
          },
          {
            "name": "29881",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29881"
          },
          {
            "name": "MDVSA-2008:093",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093"
          },
          {
            "name": "GLSA-200804-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200804-17.xml"
          },
          {
            "name": "30119",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30119"
          },
          {
            "name": "28665",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28665"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.metadecks.org/software/sweep/news.html"
          },
          {
            "name": "FEDORA-2008-3191",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html"
          },
          {
            "name": "FEDORA-2008-3059",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html"
          },
          {
            "name": "29882",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29882"
          },
          {
            "name": "USN-635-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-635-1"
          },
          {
            "name": "30337",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30337"
          },
          {
            "name": "30581",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30581"
          },
          {
            "name": "SUSE-SR:2008:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
          },
          {
            "name": "30717",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30717"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-611-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-611-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=592185"
        },
        {
          "name": "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded"
        },
        {
          "name": "ADV-2008-1302",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1302/references"
        },
        {
          "name": "MDVSA-2008:124",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124"
        },
        {
          "name": "1019875",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019875"
        },
        {
          "name": "29878",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29878"
        },
        {
          "name": "29898",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29898"
        },
        {
          "name": "FEDORA-2008-3103",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html"
        },
        {
          "name": "ADV-2008-1269",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1269/references"
        },
        {
          "name": "29866",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29866"
        },
        {
          "name": "DSA-1586",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1586"
        },
        {
          "name": "30117",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30117"
        },
        {
          "name": "[Speex-dev] 20080406 libfishsound 0.9.1 Release",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html"
        },
        {
          "name": "30104",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30104"
        },
        {
          "name": "ADV-2008-1300",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1300/references"
        },
        {
          "name": "29727",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29727"
        },
        {
          "name": "ADV-2008-1301",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1301/references"
        },
        {
          "name": "USN-611-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-611-3"
        },
        {
          "name": "29672",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29672"
        },
        {
          "name": "SUSE-SR:2008:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
        },
        {
          "name": "DSA-1585",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1585"
        },
        {
          "name": "MDVSA-2008:092",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092"
        },
        {
          "name": "30353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30353"
        },
        {
          "name": "fishsound-libfishsound-speex-bo(41684)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684"
        },
        {
          "name": "29835",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29835"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655"
        },
        {
          "name": "29880",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29880"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html"
        },
        {
          "name": "31393",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31393"
        },
        {
          "name": "oval:org.mitre.oval:def:10026",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2008-2.html"
        },
        {
          "name": "ADV-2008-1228",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1228/references"
        },
        {
          "name": "DSA-1584",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1584"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2008-004.html"
        },
        {
          "name": "ADV-2008-1268",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1268/references"
        },
        {
          "name": "29845",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29845"
        },
        {
          "name": "USN-611-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-611-2"
        },
        {
          "name": "RHSA-2008:0235",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html"
        },
        {
          "name": "30358",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30358"
        },
        {
          "name": "29854",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29854"
        },
        {
          "name": "SSA:2008-111-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836"
        },
        {
          "name": "ADV-2008-1187",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1187/references"
        },
        {
          "name": "MDVSA-2008:094",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094"
        },
        {
          "name": "29881",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29881"
        },
        {
          "name": "MDVSA-2008:093",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093"
        },
        {
          "name": "GLSA-200804-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200804-17.xml"
        },
        {
          "name": "30119",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30119"
        },
        {
          "name": "28665",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28665"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.metadecks.org/software/sweep/news.html"
        },
        {
          "name": "FEDORA-2008-3191",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html"
        },
        {
          "name": "FEDORA-2008-3059",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html"
        },
        {
          "name": "29882",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29882"
        },
        {
          "name": "USN-635-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-635-1"
        },
        {
          "name": "30337",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30337"
        },
        {
          "name": "30581",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30581"
        },
        {
          "name": "SUSE-SR:2008:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
        },
        {
          "name": "30717",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30717"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1686",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-611-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-611-1"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=592185",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=592185"
            },
            {
              "name": "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/491009/100/0/threaded"
            },
            {
              "name": "ADV-2008-1302",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1302/references"
            },
            {
              "name": "MDVSA-2008:124",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124"
            },
            {
              "name": "1019875",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019875"
            },
            {
              "name": "29878",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29878"
            },
            {
              "name": "29898",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29898"
            },
            {
              "name": "FEDORA-2008-3103",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html"
            },
            {
              "name": "ADV-2008-1269",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1269/references"
            },
            {
              "name": "29866",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29866"
            },
            {
              "name": "DSA-1586",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1586"
            },
            {
              "name": "30117",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30117"
            },
            {
              "name": "[Speex-dev] 20080406 libfishsound 0.9.1 Release",
              "refsource": "MLIST",
              "url": "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html"
            },
            {
              "name": "30104",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30104"
            },
            {
              "name": "ADV-2008-1300",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1300/references"
            },
            {
              "name": "29727",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29727"
            },
            {
              "name": "ADV-2008-1301",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1301/references"
            },
            {
              "name": "USN-611-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-611-3"
            },
            {
              "name": "29672",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29672"
            },
            {
              "name": "SUSE-SR:2008:012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
            },
            {
              "name": "DSA-1585",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1585"
            },
            {
              "name": "MDVSA-2008:092",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092"
            },
            {
              "name": "30353",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30353"
            },
            {
              "name": "fishsound-libfishsound-speex-bo(41684)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684"
            },
            {
              "name": "29835",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29835"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=592185\u0026group_id=9655"
            },
            {
              "name": "29880",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29880"
            },
            {
              "name": "http://blog.kfish.org/2008/04/release-libfishsound-091.html",
              "refsource": "CONFIRM",
              "url": "http://blog.kfish.org/2008/04/release-libfishsound-091.html"
            },
            {
              "name": "31393",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31393"
            },
            {
              "name": "oval:org.mitre.oval:def:10026",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026"
            },
            {
              "name": "http://www.ocert.org/advisories/ocert-2008-2.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2008-2.html"
            },
            {
              "name": "ADV-2008-1228",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1228/references"
            },
            {
              "name": "DSA-1584",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1584"
            },
            {
              "name": "http://www.ocert.org/advisories/ocert-2008-004.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2008-004.html"
            },
            {
              "name": "ADV-2008-1268",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1268/references"
            },
            {
              "name": "29845",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29845"
            },
            {
              "name": "USN-611-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-611-2"
            },
            {
              "name": "RHSA-2008:0235",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0235.html"
            },
            {
              "name": "30358",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30358"
            },
            {
              "name": "29854",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29854"
            },
            {
              "name": "SSA:2008-111-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.460836"
            },
            {
              "name": "ADV-2008-1187",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1187/references"
            },
            {
              "name": "MDVSA-2008:094",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094"
            },
            {
              "name": "29881",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29881"
            },
            {
              "name": "MDVSA-2008:093",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093"
            },
            {
              "name": "GLSA-200804-17",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200804-17.xml"
            },
            {
              "name": "30119",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30119"
            },
            {
              "name": "28665",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28665"
            },
            {
              "name": "http://www.metadecks.org/software/sweep/news.html",
              "refsource": "CONFIRM",
              "url": "http://www.metadecks.org/software/sweep/news.html"
            },
            {
              "name": "FEDORA-2008-3191",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html"
            },
            {
              "name": "FEDORA-2008-3059",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html"
            },
            {
              "name": "29882",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29882"
            },
            {
              "name": "USN-635-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-635-1"
            },
            {
              "name": "30337",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30337"
            },
            {
              "name": "30581",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30581"
            },
            {
              "name": "SUSE-SR:2008:013",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
            },
            {
              "name": "30717",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30717"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1686",
    "datePublished": "2008-04-08T18:00:00",
    "dateReserved": "2008-04-06T00:00:00",
    "dateUpdated": "2024-08-07T08:32:01.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}