9.3

CVE-2008-1686

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XineXine-lib Version <= 1.1.11.1
XineXine-lib Version0.9.8
XineXine-lib Version0.9.13
XineXine-lib Version0.99
XineXine-lib Version1.0
XineXine-lib Version1.0.1
XineXine-lib Version1.0.2
XineXine-lib Version1.0.3a
XineXine-lib Version1.1.0
XineXine-lib Version1.1.1
XineXine-lib Version1.1.10
XineXine-lib Version1.1.10.1
XineXine-lib Version1.1.11
XiphSpeex Version <= 1.1.12
XiphSpeex Version1.0.2
XiphSpeex Version1.0.3
XiphSpeex Version1.0.4
XiphSpeex Version1.0.5
XiphSpeex Version1.1.1
XiphSpeex Version1.1.2
XiphSpeex Version1.1.3
XiphSpeex Version1.1.4
XiphSpeex Version1.1.5
XiphSpeex Version1.1.6
XiphSpeex Version1.1.7
XiphSpeex Version1.1.8
XiphSpeex Version1.1.9
XiphSpeex Version1.1.10
XiphSpeex Version1.1.11
XiphSpeex Version1.1.11.1
XiphLibfishsound Version <= 0.9.0
XiphLibfishsound Version0.5.41
XiphLibfishsound Version0.5.42
XiphLibfishsound Version0.6.0
XiphLibfishsound Version0.6.1
XiphLibfishsound Version0.6.2
XiphLibfishsound Version0.6.3
XiphLibfishsound Version0.7.0
XiphLibfishsound Version0.8.0
XiphLibfishsound Version0.8.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.49% 0.93
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/30717
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://secunia.com/advisories/31393
Vendor Advisory
http://www.ubuntu.com/usn/usn-635-1
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
http://secunia.com/advisories/30581
Vendor Advisory
http://secunia.com/advisories/30337
http://www.debian.org/security/2008/dsa-1586
http://blog.kfish.org/2008/04/release-libfishsound-091.html
http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html
http://secunia.com/advisories/29672
Vendor Advisory
http://secunia.com/advisories/29727
Vendor Advisory
http://secunia.com/advisories/29835
Vendor Advisory
http://secunia.com/advisories/29845
Vendor Advisory
http://secunia.com/advisories/29854
Vendor Advisory
http://secunia.com/advisories/29866
Vendor Advisory
http://secunia.com/advisories/29878
Vendor Advisory
http://secunia.com/advisories/29880
Vendor Advisory
http://secunia.com/advisories/29881
Vendor Advisory
http://secunia.com/advisories/29882
Vendor Advisory
http://secunia.com/advisories/29898
Vendor Advisory
http://secunia.com/advisories/30104
Vendor Advisory
http://secunia.com/advisories/30117
Vendor Advisory
http://secunia.com/advisories/30119
Vendor Advisory
http://secunia.com/advisories/30353
Vendor Advisory
http://secunia.com/advisories/30358
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200804-17.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836
http://sourceforge.net/project/shownotes.php?release_id=592185
http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
http://www.debian.org/security/2008/dsa-1584
Patch
http://www.debian.org/security/2008/dsa-1585
Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2008:092
http://www.mandriva.com/security/advisories?name=MDVSA-2008:093
http://www.mandriva.com/security/advisories?name=MDVSA-2008:094
http://www.mandriva.com/security/advisories?name=MDVSA-2008:124
http://www.metadecks.org/software/sweep/news.html
http://www.ocert.org/advisories/ocert-2008-004.html
http://www.ocert.org/advisories/ocert-2008-2.html
http://www.redhat.com/support/errata/RHSA-2008-0235.html
http://www.securityfocus.com/archive/1/491009/100/0/threaded
http://www.securityfocus.com/bid/28665
Patch
http://www.securitytracker.com/id?1019875
http://www.ubuntu.com/usn/usn-611-1
http://www.ubuntu.com/usn/usn-611-2
http://www.ubuntu.com/usn/usn-611-3
http://www.vupen.com/english/advisories/2008/1187/references
http://www.vupen.com/english/advisories/2008/1228/references
http://www.vupen.com/english/advisories/2008/1268/references
http://www.vupen.com/english/advisories/2008/1269/references
http://www.vupen.com/english/advisories/2008/1300/references
http://www.vupen.com/english/advisories/2008/1301/references
http://www.vupen.com/english/advisories/2008/1302/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41684
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html