CVE-2008-1686
Publication date 8 April 2008
Last updated 24 July 2024
Ubuntu priority
Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
Status
Package | Ubuntu Release | Status |
---|---|---|
gst-plugins-good0.10 | ||
libfishsound | ||
speex | ||
sweep | ||
vlc | ||
vorbis-tools | ||
xine-lib | ||
xmms-speex | ||
Notes
jdstrand
upstream libfishsound should have a patch filed Debian bug #480059 for vorbis-tools (to hopefully get via merge in intrepid) Mandriva reference is a regression bug (and fix) for xine-lib
Patch details
Package | Patch details |
---|---|
gst-plugins-good0.10 | |
speex | |
vlc | |
vorbis-tools | |
xine-lib |