CVE-2008-1686 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-1686 PUBLISHED CVSS 9.300000190734863 CRITICAL

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

EPSS 5.25% · 89.9th percentile

Risk Scores

CVSS v2.0

9.300000190734863

EPSS Score

5.25%

89.9th percentile

Affected Products

Vendor	Product	Versions
xine	xine-lib	1.0.2, 0, 0.9.8
xiph	speex	1.1.7, 0, 1.0.2
n/a	n/a	n/a
xiph	libfishsound	0.5.41, 0.5.42, 0.6.0

Timeline

Apr 8, 2008 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score
Dec 13, 2023 EPSS Score

References

USN-611-1 vendor-advisory
http://sourceforge.net/project/shownotes.php?release_id=592185 url
20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks mailing-list
ADV-2008-1302 vdb
MDVSA-2008:124 vendor-advisory
1019875 vdb
29878 third-party-advisory
29898 third-party-advisory
FEDORA-2008-3103 vendor-advisory
ADV-2008-1269 vdb
29866 third-party-advisory
DSA-1586 vendor-advisory
30117 third-party-advisory
[Speex-dev] 20080406 libfishsound 0.9.1 Release mailing-list
30104 third-party-advisory
ADV-2008-1300 vdb
29727 third-party-advisory
ADV-2008-1301 vdb
USN-611-3 vendor-advisory
29672 third-party-advisory

…and 39 more

Open in Interactive Console →