CVE-2008-1686 (GCVE-0-2008-1686)
Vulnerability from cvelistv5
Published
2008-04-08 18:00
Modified
2024-08-07 08:32
Severity ?
EPSS score ?
Summary
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:32:01.268Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-611-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-611-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/project/shownotes.php?release_id=592185", }, { name: "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/491009/100/0/threaded", }, { name: "ADV-2008-1302", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1302/references", }, { name: "MDVSA-2008:124", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124", }, { name: "1019875", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1019875", }, { name: "29878", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29878", }, { name: "29898", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29898", }, { name: "FEDORA-2008-3103", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html", }, { name: "ADV-2008-1269", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1269/references", }, { name: "29866", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29866", }, { name: "DSA-1586", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1586", }, { name: "30117", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30117", }, { name: "[Speex-dev] 20080406 libfishsound 0.9.1 Release", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html", }, { name: "30104", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30104", }, { name: "ADV-2008-1300", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1300/references", }, { name: "29727", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29727", }, { name: "ADV-2008-1301", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1301/references", }, { name: "USN-611-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-611-3", }, { name: "29672", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29672", }, { name: "SUSE-SR:2008:012", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html", }, { name: "DSA-1585", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1585", }, { name: "MDVSA-2008:092", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092", }, { name: "30353", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30353", }, { name: "fishsound-libfishsound-speex-bo(41684)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684", }, { name: "29835", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29835", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655", }, { name: "29880", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29880", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.kfish.org/2008/04/release-libfishsound-091.html", }, { name: "31393", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31393", }, { name: "oval:org.mitre.oval:def:10026", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ocert.org/advisories/ocert-2008-2.html", }, { name: "ADV-2008-1228", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1228/references", }, { name: "DSA-1584", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1584", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ocert.org/advisories/ocert-2008-004.html", }, { name: "ADV-2008-1268", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1268/references", }, { name: "29845", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29845", }, { name: "USN-611-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-611-2", }, { name: "RHSA-2008:0235", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0235.html", }, { name: "30358", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30358", }, { name: "29854", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29854", }, { name: "SSA:2008-111-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836", }, { name: "ADV-2008-1187", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1187/references", }, { name: "MDVSA-2008:094", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094", }, { name: "29881", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29881", }, { name: "MDVSA-2008:093", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093", }, { name: "GLSA-200804-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200804-17.xml", }, { name: "30119", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30119", }, { name: "28665", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/28665", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.metadecks.org/software/sweep/news.html", }, { name: "FEDORA-2008-3191", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html", }, { name: "FEDORA-2008-3059", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html", }, { name: "29882", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29882", }, { name: "USN-635-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-635-1", }, { name: "30337", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30337", }, { name: "30581", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30581", }, { name: "SUSE-SR:2008:013", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2008_13_sr.html", }, { name: "30717", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30717", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-04-06T00:00:00", descriptions: [ { lang: "en", value: "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-611-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-611-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/project/shownotes.php?release_id=592185", }, { name: "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/491009/100/0/threaded", }, { name: "ADV-2008-1302", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1302/references", }, { name: "MDVSA-2008:124", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124", }, { name: "1019875", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1019875", }, { name: "29878", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29878", }, { name: "29898", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29898", }, { name: "FEDORA-2008-3103", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html", }, { name: "ADV-2008-1269", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1269/references", }, { name: "29866", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29866", }, { name: "DSA-1586", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1586", }, { name: "30117", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30117", }, { name: "[Speex-dev] 20080406 libfishsound 0.9.1 Release", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html", }, { name: "30104", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30104", }, { name: "ADV-2008-1300", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1300/references", }, { name: "29727", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29727", }, { name: "ADV-2008-1301", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1301/references", }, { name: "USN-611-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-611-3", }, { name: "29672", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29672", }, { name: "SUSE-SR:2008:012", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html", }, { name: "DSA-1585", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1585", }, { name: "MDVSA-2008:092", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092", }, { name: "30353", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30353", }, { name: "fishsound-libfishsound-speex-bo(41684)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684", }, { name: "29835", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29835", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655", }, { name: "29880", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29880", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.kfish.org/2008/04/release-libfishsound-091.html", }, { name: "31393", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31393", }, { name: "oval:org.mitre.oval:def:10026", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ocert.org/advisories/ocert-2008-2.html", }, { name: "ADV-2008-1228", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1228/references", }, { name: "DSA-1584", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1584", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ocert.org/advisories/ocert-2008-004.html", }, { name: "ADV-2008-1268", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1268/references", }, { name: "29845", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29845", }, { name: "USN-611-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-611-2", }, { name: "RHSA-2008:0235", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0235.html", }, { name: "30358", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30358", }, { name: "29854", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29854", }, { name: "SSA:2008-111-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836", }, { name: "ADV-2008-1187", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1187/references", }, { name: "MDVSA-2008:094", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094", }, { name: "29881", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29881", }, { name: "MDVSA-2008:093", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093", }, { name: "GLSA-200804-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200804-17.xml", }, { name: "30119", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30119", }, { name: "28665", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/28665", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.metadecks.org/software/sweep/news.html", }, { name: "FEDORA-2008-3191", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html", }, { name: "FEDORA-2008-3059", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html", }, { name: "29882", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29882", }, { name: "USN-635-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-635-1", }, { name: "30337", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30337", }, { name: "30581", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30581", }, { name: "SUSE-SR:2008:013", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2008_13_sr.html", }, { name: "30717", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30717", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-1686", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-611-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-611-1", }, { name: "http://sourceforge.net/project/shownotes.php?release_id=592185", refsource: "CONFIRM", url: "http://sourceforge.net/project/shownotes.php?release_id=592185", }, { name: "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/491009/100/0/threaded", }, { name: "ADV-2008-1302", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1302/references", }, { name: "MDVSA-2008:124", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124", }, { name: "1019875", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1019875", }, { name: "29878", refsource: "SECUNIA", url: "http://secunia.com/advisories/29878", }, { name: "29898", refsource: "SECUNIA", url: "http://secunia.com/advisories/29898", }, { name: "FEDORA-2008-3103", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html", }, { name: "ADV-2008-1269", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1269/references", }, { name: "29866", refsource: "SECUNIA", url: "http://secunia.com/advisories/29866", }, { name: "DSA-1586", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1586", }, { name: "30117", refsource: "SECUNIA", url: "http://secunia.com/advisories/30117", }, { name: "[Speex-dev] 20080406 libfishsound 0.9.1 Release", refsource: "MLIST", url: "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html", }, { name: "30104", refsource: "SECUNIA", url: "http://secunia.com/advisories/30104", }, { name: "ADV-2008-1300", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1300/references", }, { name: "29727", refsource: "SECUNIA", url: "http://secunia.com/advisories/29727", }, { name: "ADV-2008-1301", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1301/references", }, { name: "USN-611-3", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-611-3", }, { name: "29672", refsource: "SECUNIA", url: "http://secunia.com/advisories/29672", }, { name: "SUSE-SR:2008:012", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html", }, { name: "DSA-1585", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1585", }, { name: "MDVSA-2008:092", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092", }, { name: "30353", refsource: "SECUNIA", url: "http://secunia.com/advisories/30353", }, { name: "fishsound-libfishsound-speex-bo(41684)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684", }, { name: "29835", refsource: "SECUNIA", url: "http://secunia.com/advisories/29835", }, { name: "http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655", refsource: "CONFIRM", url: "http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655", }, { name: "29880", refsource: "SECUNIA", url: "http://secunia.com/advisories/29880", }, { name: "http://blog.kfish.org/2008/04/release-libfishsound-091.html", refsource: "CONFIRM", url: "http://blog.kfish.org/2008/04/release-libfishsound-091.html", }, { name: "31393", refsource: "SECUNIA", url: "http://secunia.com/advisories/31393", }, { name: "oval:org.mitre.oval:def:10026", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026", }, { name: "http://www.ocert.org/advisories/ocert-2008-2.html", refsource: "MISC", url: "http://www.ocert.org/advisories/ocert-2008-2.html", }, { name: "ADV-2008-1228", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1228/references", }, { name: "DSA-1584", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1584", }, { name: "http://www.ocert.org/advisories/ocert-2008-004.html", refsource: "MISC", url: "http://www.ocert.org/advisories/ocert-2008-004.html", }, { name: "ADV-2008-1268", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1268/references", }, { name: "29845", refsource: "SECUNIA", url: "http://secunia.com/advisories/29845", }, { name: "USN-611-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-611-2", }, { name: "RHSA-2008:0235", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0235.html", }, { name: "30358", refsource: "SECUNIA", url: "http://secunia.com/advisories/30358", }, { name: "29854", refsource: "SECUNIA", url: "http://secunia.com/advisories/29854", }, { name: "SSA:2008-111-01", refsource: "SLACKWARE", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836", }, { name: "ADV-2008-1187", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1187/references", }, { name: "MDVSA-2008:094", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094", }, { name: "29881", refsource: "SECUNIA", url: "http://secunia.com/advisories/29881", }, { name: "MDVSA-2008:093", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093", }, { name: "GLSA-200804-17", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200804-17.xml", }, { name: "30119", refsource: "SECUNIA", url: "http://secunia.com/advisories/30119", }, { name: "28665", refsource: "BID", url: "http://www.securityfocus.com/bid/28665", }, { name: "http://www.metadecks.org/software/sweep/news.html", refsource: "CONFIRM", url: "http://www.metadecks.org/software/sweep/news.html", }, { name: "FEDORA-2008-3191", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html", }, { name: "FEDORA-2008-3059", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html", }, { name: "29882", refsource: "SECUNIA", url: "http://secunia.com/advisories/29882", }, { name: "USN-635-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-635-1", }, { name: "30337", refsource: "SECUNIA", url: "http://secunia.com/advisories/30337", }, { name: "30581", refsource: "SECUNIA", url: "http://secunia.com/advisories/30581", }, { name: "SUSE-SR:2008:013", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2008_13_sr.html", }, { name: "30717", refsource: "SECUNIA", url: "http://secunia.com/advisories/30717", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-1686", datePublished: "2008-04-08T18:00:00", dateReserved: "2008-04-06T00:00:00", dateUpdated: "2024-08-07T08:32:01.268Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.1.11.1\", \"matchCriteriaId\": \"4432BC00-44D6-4ED9-B642-1BF8C81B6EAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEB839B0-408E-4D96-B576-D9300082B7A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FEDBE74-5040-4E61-A34A-2BC36A2A129F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8D402CB-4DED-4525-AF38-B5EC73C39E55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A905719D-4520-4374-B3A7-55034728B85C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2899EF34-824B-4893-8636-64A83EC5885B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EB8D295-B589-4E88-8FEE-DDD1591D9189\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAB10333-6C25-4359-BB3F-D76468170825\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2377493B-8CC0-414B-AA5F-B7777C852195\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFC149FA-B916-4844-AD98-B7827116C803\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2BBF4E9-6090-4ED3-8A12-09396E660505\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA642532-365F-4981-BA09-A56D3628271C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.1.12\", \"matchCriteriaId\": \"5C3B238B-BE7C-4912-A56A-95DE5051846E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95BC5FA0-E710-42D4-8BF0-4D30BC44C833\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8789D167-6DF2-46B7-ABA2-717E141738BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B93DC9BF-7CA8-4729-9A3D-F1CB711E1D37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F04629EA-2BE2-42D5-9AC7-DDC7AB1818FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3873FDB9-80A9-4968-B0DC-84201AE1C78C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7339D59-8049-4172-BB68-134F9B50E896\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D762BB7-7A35-4D2A-9EC7-A328197F1EAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46825B5B-B8A2-4FEB-991D-F2AE174A8C3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D3BC3CC-07AA-445F-8913-E1FABC60C2AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9ACE9F82-E352-47C7-BA34-C97E4FB759FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CFF577A-41DB-49B8-BA00-00650DA10DF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9655A71E-C2E4-4003-BBA7-05BD29375621\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E545096-41AC-4DF0-92B4-747CC1F1FE0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.1.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08E27446-B68B-4213-9FD1-3C3A8941BA24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.1.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A0B0BC2-C155-460B-A8CB-0CF0C04896BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:speex:1.1.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BA06646-FCDF-427D-84B1-99D8C6889CC7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:libfishsound:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.9.0\", \"matchCriteriaId\": \"68C981F1-832E-46A5-99CB-ECC3B46D21DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:libfishsound:0.5.41:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE5D47C5-1171-4A95-82CC-DA965D893F7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:libfishsound:0.5.42:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"585368E9-36BB-45F6-A427-AF8578AA9347\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:libfishsound:0.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72C4DD65-8354-40DE-B05F-6742A67C8BCF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:libfishsound:0.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55901750-2FB5-4C4E-A1C9-8204D16FEBC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:libfishsound:0.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"022A0430-895C-46EA-A0C6-BA7492443901\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:libfishsound:0.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CCA2B56-BB40-40AD-97F8-3AFCD2A66C1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:libfishsound:0.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76C7D68C-FEA1-4DC6-9FC4-A32AF894472C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:libfishsound:0.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0B42ED6-243E-427D-86F3-46EEC0DF282D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xiph:libfishsound:0.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30743A63-4AA4-4812-9026-04A8FC1308ED\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de \\u00edndice de matriz en Speex versi\\u00f3n 1.1.12 y anteriores, tal y como es usado en libfishsound versi\\u00f3n 0.9.0 y anteriores, incluyendo Illiminable DirectShow Filters y Annodex Plugins para Firefox, xine-lib versiones anteriores a 1.1.12, y muchos otros productos, permite a los atacantes remotos ejecutar c\\u00f3digo arbitrario por medio de una estructura de encabezado que contiene un desplazamiento negativo, que se utiliza para desreferenciar un puntero de funci\\u00f3n.\"}]", id: "CVE-2008-1686", lastModified: "2024-11-21T00:45:05.803", metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2008-04-08T18:05:00.000", references: "[{\"url\": \"http://blog.kfish.org/2008/04/release-libfishsound-091.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29672\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29727\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29835\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29845\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29854\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29866\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29878\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29880\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29881\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29882\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29898\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30104\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30117\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30119\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30337\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30353\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30358\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30581\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30717\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31393\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200804-17.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=592185\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1584\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.debian.org/security/2008/dsa-1585\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.debian.org/security/2008/dsa-1586\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:092\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:093\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:094\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:124\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.metadecks.org/software/sweep/news.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2008_13_sr.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ocert.org/advisories/ocert-2008-004.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ocert.org/advisories/ocert-2008-2.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0235.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/491009/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28665\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1019875\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-611-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-611-2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-611-3\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-635-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1187/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1228/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1268/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1269/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1300/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1301/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1302/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41684\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://blog.kfish.org/2008/04/release-libfishsound-091.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29672\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29727\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29835\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29845\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29854\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29866\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29878\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29880\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29881\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29882\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29898\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30104\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30117\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30119\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30337\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30353\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30358\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30581\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30717\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/31393\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200804-17.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=592185\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1584\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.debian.org/security/2008/dsa-1585\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.debian.org/security/2008/dsa-1586\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:092\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:093\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:094\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:124\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.metadecks.org/software/sweep/news.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2008_13_sr.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ocert.org/advisories/ocert-2008-004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ocert.org/advisories/ocert-2008-2.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0235.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/491009/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28665\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1019875\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-611-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-611-2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-611-3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-635-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1187/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1228/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1268/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1269/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1300/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1301/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1302/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41684\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2008-1686\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-04-08T18:05:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de índice de matriz en Speex versión 1.1.12 y anteriores, tal y como es usado en libfishsound versión 0.9.0 y anteriores, incluyendo Illiminable DirectShow Filters y Annodex Plugins para Firefox, xine-lib versiones anteriores a 1.1.12, y muchos otros productos, permite a los atacantes remotos ejecutar código arbitrario por medio de una estructura de encabezado que contiene un desplazamiento negativo, que se utiliza para desreferenciar un puntero de función.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.1.11.1\",\"matchCriteriaId\":\"4432BC00-44D6-4ED9-B642-1BF8C81B6EAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEB839B0-408E-4D96-B576-D9300082B7A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FEDBE74-5040-4E61-A34A-2BC36A2A129F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8D402CB-4DED-4525-AF38-B5EC73C39E55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A905719D-4520-4374-B3A7-55034728B85C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2899EF34-824B-4893-8636-64A83EC5885B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EB8D295-B589-4E88-8FEE-DDD1591D9189\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAB10333-6C25-4359-BB3F-D76468170825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2377493B-8CC0-414B-AA5F-B7777C852195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFC149FA-B916-4844-AD98-B7827116C803\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2BBF4E9-6090-4ED3-8A12-09396E660505\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA642532-365F-4981-BA09-A56D3628271C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.1.12\",\"matchCriteriaId\":\"5C3B238B-BE7C-4912-A56A-95DE5051846E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95BC5FA0-E710-42D4-8BF0-4D30BC44C833\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8789D167-6DF2-46B7-ABA2-717E141738BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B93DC9BF-7CA8-4729-9A3D-F1CB711E1D37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F04629EA-2BE2-42D5-9AC7-DDC7AB1818FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3873FDB9-80A9-4968-B0DC-84201AE1C78C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7339D59-8049-4172-BB68-134F9B50E896\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D762BB7-7A35-4D2A-9EC7-A328197F1EAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46825B5B-B8A2-4FEB-991D-F2AE174A8C3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D3BC3CC-07AA-445F-8913-E1FABC60C2AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9ACE9F82-E352-47C7-BA34-C97E4FB759FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CFF577A-41DB-49B8-BA00-00650DA10DF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9655A71E-C2E4-4003-BBA7-05BD29375621\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E545096-41AC-4DF0-92B4-747CC1F1FE0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E27446-B68B-4213-9FD1-3C3A8941BA24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A0B0BC2-C155-460B-A8CB-0CF0C04896BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:speex:1.1.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BA06646-FCDF-427D-84B1-99D8C6889CC7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:libfishsound:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.9.0\",\"matchCriteriaId\":\"68C981F1-832E-46A5-99CB-ECC3B46D21DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:libfishsound:0.5.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE5D47C5-1171-4A95-82CC-DA965D893F7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:libfishsound:0.5.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585368E9-36BB-45F6-A427-AF8578AA9347\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:libfishsound:0.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72C4DD65-8354-40DE-B05F-6742A67C8BCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:libfishsound:0.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55901750-2FB5-4C4E-A1C9-8204D16FEBC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:libfishsound:0.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"022A0430-895C-46EA-A0C6-BA7492443901\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:libfishsound:0.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CCA2B56-BB40-40AD-97F8-3AFCD2A66C1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:libfishsound:0.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76C7D68C-FEA1-4DC6-9FC4-A32AF894472C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:libfishsound:0.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0B42ED6-243E-427D-86F3-46EEC0DF282D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xiph:libfishsound:0.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30743A63-4AA4-4812-9026-04A8FC1308ED\"}]}]}],\"references\":[{\"url\":\"http://blog.kfish.org/2008/04/release-libfishsound-091.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29672\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29727\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29835\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29845\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29854\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29866\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29878\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29880\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29881\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29882\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29898\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30104\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30117\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30119\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30337\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30353\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30358\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30581\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30717\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31393\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200804-17.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=592185\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1584\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1585\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1586\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:092\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:093\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:094\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:124\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.metadecks.org/software/sweep/news.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2008_13_sr.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ocert.org/advisories/ocert-2008-004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ocert.org/advisories/ocert-2008-2.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0235.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/491009/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28665\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1019875\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-611-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-611-2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-611-3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-635-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1187/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1228/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1268/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1269/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1300/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1301/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1302/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41684\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blog.kfish.org/2008/04/release-libfishsound-091.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29672\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29727\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29835\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29845\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29854\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29866\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29878\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29880\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29881\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29882\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29898\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30117\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30119\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30353\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30358\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30581\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200804-17.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=592185\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1584\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1585\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1586\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:092\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:093\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:094\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:124\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.metadecks.org/software/sweep/news.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2008_13_sr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ocert.org/advisories/ocert-2008-004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ocert.org/advisories/ocert-2008-2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0235.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/491009/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28665\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1019875\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-611-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-611-2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-611-3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-635-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1187/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1228/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1268/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1269/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1300/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1301/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1302/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41684\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.