9.3

CVE-2008-1686

EPSS 5.25%
Published 08.04.2008 18:05:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Affected products Warnungen 0 Metrics 2 CWE 0 References 61

Data is provided by the National Vulnerability Database (NVD)

Xine ≫ Xine-lib Version <= 1.1.11.1

Xine ≫ Xine-lib Version0.9.8

Xine ≫ Xine-lib Version0.9.13

Xine ≫ Xine-lib Version0.99

Xine ≫ Xine-lib Version1.0

Xine ≫ Xine-lib Version1.0.1

Xine ≫ Xine-lib Version1.0.2

Xine ≫ Xine-lib Version1.0.3a

Xine ≫ Xine-lib Version1.1.0

Xine ≫ Xine-lib Version1.1.1

Xine ≫ Xine-lib Version1.1.10

Xine ≫ Xine-lib Version1.1.10.1

Xine ≫ Xine-lib Version1.1.11

Xiph ≫ Speex Version <= 1.1.12

Xiph ≫ Speex Version1.0.2

Xiph ≫ Speex Version1.0.3

Xiph ≫ Speex Version1.0.4

Xiph ≫ Speex Version1.0.5

Xiph ≫ Speex Version1.1.1

Xiph ≫ Speex Version1.1.2

Xiph ≫ Speex Version1.1.3

Xiph ≫ Speex Version1.1.4

Xiph ≫ Speex Version1.1.5

Xiph ≫ Speex Version1.1.6

Xiph ≫ Speex Version1.1.7

Xiph ≫ Speex Version1.1.8

Xiph ≫ Speex Version1.1.9

Xiph ≫ Speex Version1.1.10

Xiph ≫ Speex Version1.1.11

Xiph ≫ Speex Version1.1.11.1

Xiph ≫ Libfishsound Version <= 0.9.0

Xiph ≫ Libfishsound Version0.5.41

Xiph ≫ Libfishsound Version0.5.42

Xiph ≫ Libfishsound Version0.6.0

Xiph ≫ Libfishsound Version0.6.1

Xiph ≫ Libfishsound Version0.6.2

Xiph ≫ Libfishsound Version0.6.3

Xiph ≫ Libfishsound Version0.7.0

Xiph ≫ Libfishsound Version0.8.0

Xiph ≫ Libfishsound Version0.8.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.25%	0.896

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/30717

http://www.novell.com/linux/security/advisories/2008_13_sr.html

http://secunia.com/advisories/31393

Vendor Advisory

http://www.ubuntu.com/usn/usn-635-1

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html

http://secunia.com/advisories/30581

Vendor Advisory

http://secunia.com/advisories/30337

http://www.debian.org/security/2008/dsa-1586

http://blog.kfish.org/2008/04/release-libfishsound-091.html

http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html

http://secunia.com/advisories/29672

Vendor Advisory

http://secunia.com/advisories/29727

Vendor Advisory

http://secunia.com/advisories/29835

Vendor Advisory

http://secunia.com/advisories/29845

Vendor Advisory

http://secunia.com/advisories/29854

Vendor Advisory

http://secunia.com/advisories/29866

Vendor Advisory

http://secunia.com/advisories/29878

Vendor Advisory

http://secunia.com/advisories/29880

Vendor Advisory

http://secunia.com/advisories/29881

Vendor Advisory

http://secunia.com/advisories/29882

Vendor Advisory

http://secunia.com/advisories/29898

Vendor Advisory

http://secunia.com/advisories/30104

Vendor Advisory

http://secunia.com/advisories/30117

Vendor Advisory

http://secunia.com/advisories/30119

Vendor Advisory

http://secunia.com/advisories/30353

Vendor Advisory

http://secunia.com/advisories/30358

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200804-17.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836

http://sourceforge.net/project/shownotes.php?release_id=592185

http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655

http://www.debian.org/security/2008/dsa-1584

Patch

http://www.debian.org/security/2008/dsa-1585

Patch

http://www.mandriva.com/security/advisories?name=MDVSA-2008:092

http://www.mandriva.com/security/advisories?name=MDVSA-2008:093

http://www.mandriva.com/security/advisories?name=MDVSA-2008:094

http://www.mandriva.com/security/advisories?name=MDVSA-2008:124

http://www.metadecks.org/software/sweep/news.html

http://www.ocert.org/advisories/ocert-2008-004.html

http://www.ocert.org/advisories/ocert-2008-2.html

http://www.redhat.com/support/errata/RHSA-2008-0235.html

http://www.securityfocus.com/archive/1/491009/100/0/threaded

http://www.securityfocus.com/bid/28665

Patch

http://www.securitytracker.com/id?1019875

http://www.ubuntu.com/usn/usn-611-1

http://www.ubuntu.com/usn/usn-611-2

http://www.ubuntu.com/usn/usn-611-3

http://www.vupen.com/english/advisories/2008/1187/references

http://www.vupen.com/english/advisories/2008/1228/references

http://www.vupen.com/english/advisories/2008/1268/references

http://www.vupen.com/english/advisories/2008/1269/references

http://www.vupen.com/english/advisories/2008/1300/references

http://www.vupen.com/english/advisories/2008/1301/references

http://www.vupen.com/english/advisories/2008/1302/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41684

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html

https://nvd.nist.gov/vuln/detail/CVE-2008-1686

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1686

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1686

EUVD