VDB

CVE-2008-1686

CVE-2008-1686 PUBLISHED CVSS 9.300000190734863 CRITICAL

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

EPSS 5.93% · 90.8th percentile

Risk Scores

CVSS 2.0
9.300000190734863
EPSS Score
5.93%
90.8th percentile

Affected Products

VendorProductVersions
xinexine-lib0, 0.9.8, 0.9.13
xiphspeex1.1.11.1, 1.1.2, 1.1.3
n/an/an/a
xiphlibfishsound0.6.0, 0.6.1, 0.6.2

Timeline

  • Apr 8, 2008 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Jul 17, 2023 EPSS Score
  • Sep 8, 2023 EPSS Score
  • Dec 22, 2023 EPSS Score

References

…and 39 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›