VDB
CVE-2008-1686
CVE-2008-1686
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
EPSS 5.93% · 90.8th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
5.93%
90.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| xine | xine-lib | 0, 0.9.8, 0.9.13 |
| xiph | speex | 1.1.11.1, 1.1.2, 1.1.3 |
| n/a | n/a | n/a |
| xiph | libfishsound | 0.6.0, 0.6.1, 0.6.2 |
Timeline
- Apr 8, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
References
- USN-611-1 vendor-advisory
- http://sourceforge.net/project/shownotes.php?release_id=592185 url
- 20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks mailing-list
- ADV-2008-1302 vdb
- MDVSA-2008:124 vendor-advisory
- 1019875 vdb
- 29878 third-party-advisory
- 29898 third-party-advisory
- FEDORA-2008-3103 vendor-advisory
- ADV-2008-1269 vdb
- 29866 third-party-advisory
- DSA-1586 vendor-advisory
- 30117 third-party-advisory
- [Speex-dev] 20080406 libfishsound 0.9.1 Release mailing-list
- 30104 third-party-advisory
- ADV-2008-1300 vdb
- 29727 third-party-advisory
- ADV-2008-1301 vdb
- USN-611-3 vendor-advisory
- 29672 third-party-advisory
…and 39 more