CVE-2008-1686

Опубликовано: 08 апр. 2008

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Ссылки

http://blog.kfish.org/2008/04/release-libfishsound-091.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html
http://secunia.com/advisories/29672
Vendor Advisory
http://secunia.com/advisories/29727
Vendor Advisory
http://secunia.com/advisories/29835
Vendor Advisory
http://secunia.com/advisories/29845
Vendor Advisory
http://secunia.com/advisories/29854
Vendor Advisory
http://secunia.com/advisories/29866
Vendor Advisory
http://secunia.com/advisories/29878
Vendor Advisory
http://secunia.com/advisories/29880
Vendor Advisory
http://secunia.com/advisories/29881
Vendor Advisory
http://secunia.com/advisories/29882
Vendor Advisory
http://secunia.com/advisories/29898
Vendor Advisory
http://secunia.com/advisories/30104
Vendor Advisory
http://secunia.com/advisories/30117
Vendor Advisory
http://secunia.com/advisories/30119
Vendor Advisory
http://secunia.com/advisories/30337
http://secunia.com/advisories/30353
Vendor Advisory
http://secunia.com/advisories/30358
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*

Версия до 1.1.11.1 (включая)

cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*

cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*

cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*

cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*

cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*

cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:xiph:speex:*:*:*:*:*:*:*:*

Версия до 1.1.12 (включая)

cpe:2.3:a:xiph:speex:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:xiph:speex:1.1.11.1:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:xiph:libfishsound:*:*:*:*:*:*:*:*

Версия до 0.9.0 (включая)

cpe:2.3:a:xiph:libfishsound:0.5.41:*:*:*:*:*:*:*

cpe:2.3:a:xiph:libfishsound:0.5.42:*:*:*:*:*:*:*

cpe:2.3:a:xiph:libfishsound:0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:xiph:libfishsound:0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:xiph:libfishsound:0.6.2:*:*:*:*:*:*:*

cpe:2.3:a:xiph:libfishsound:0.6.3:*:*:*:*:*:*:*

cpe:2.3:a:xiph:libfishsound:0.7.0:*:*:*:*:*:*:*

cpe:2.3:a:xiph:libfishsound:0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:xiph:libfishsound:0.8.1:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.0525

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-189

Связанные уязвимости

CVE-2008-1686

ubuntu

около 17 лет назад

CVE-2008-1686

redhat

около 17 лет назад

CVE-2008-1686

debian

около 17 лет назад

Array index vulnerability in Speex 1.1.12 and earlier, as used in libf ...

GHSA-8q5j-pq4c-9v79

github

около 3 лет назад

ELSA-2008-0235

oracle-oval

около 17 лет назад

ELSA-2008-0235: speex security update (IMPORTANT)

EPSS

Процентиль: 89%

0.0525

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-189