CVE-2008-1686

Priority
Description
Array index vulnerability in Speex 1.1.12 and earlier, as used in
libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters
and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other
products, allows remote attackers to execute arbitrary code via a header
structure containing a negative offset, which is used to dereference a
function pointer.
Assigned-to
jdstrand
Notes
jdstrandupstream libfishsound should have a patch
filed Debian bug #480059 for vorbis-tools (to hopefully get via
merge in intrepid)
Mandriva reference is a regression bug (and fix) for xine-lib
Package
Upstream:released (0.7.0-2.2)
Package
Source: sweep (LP Ubuntu Debian)
Upstream:released (0.9.3)
Package
Upstream:needs-triage
More Information

Updated: 2020-09-10 00:38:35 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)