CVE-2008-1686

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Affected Software

Name	Vendor	Start Version	End Version
Xine-lib	Xine	*	1.1.11.1 (including)
Xine-lib	Xine	0.9.8 (including)	0.9.8 (including)
Xine-lib	Xine	0.9.13 (including)	0.9.13 (including)
Xine-lib	Xine	0.99 (including)	0.99 (including)
Xine-lib	Xine	1.0 (including)	1.0 (including)
Xine-lib	Xine	1.0.1 (including)	1.0.1 (including)
Xine-lib	Xine	1.0.2 (including)	1.0.2 (including)
Xine-lib	Xine	1.0.3a (including)	1.0.3a (including)
Xine-lib	Xine	1.1.0 (including)	1.1.0 (including)
Xine-lib	Xine	1.1.1 (including)	1.1.1 (including)
Xine-lib	Xine	1.1.10 (including)	1.1.10 (including)
Xine-lib	Xine	1.1.10.1 (including)	1.1.10.1 (including)
Xine-lib	Xine	1.1.11 (including)	1.1.11 (including)
Red Hat Enterprise Linux 4	RedHat	speex-0:1.0.4-4.el4_6.1	*
Red Hat Enterprise Linux 5	RedHat	speex-0:1.0.5-4.el5_1.1	*
Gst-plugins-good0.10	Ubuntu	dapper	*
Gst-plugins-good0.10	Ubuntu	feisty	*
Gst-plugins-good0.10	Ubuntu	gutsy	*
Gst-plugins-good0.10	Ubuntu	hardy	*
Gst-plugins-good0.10	Ubuntu	upstream	*
Libfishsound	Ubuntu	dapper	*
Libfishsound	Ubuntu	edgy	*
Libfishsound	Ubuntu	feisty	*
Libfishsound	Ubuntu	gutsy	*
Libfishsound	Ubuntu	hardy	*
Libfishsound	Ubuntu	upstream	*
Speex	Ubuntu	dapper	*
Speex	Ubuntu	edgy	*
Speex	Ubuntu	feisty	*
Speex	Ubuntu	gutsy	*
Speex	Ubuntu	hardy	*
Speex	Ubuntu	upstream	*
Sweep	Ubuntu	dapper	*
Sweep	Ubuntu	feisty	*
Sweep	Ubuntu	gutsy	*
Sweep	Ubuntu	hardy	*
Sweep	Ubuntu	intrepid	*
Sweep	Ubuntu	upstream	*
Vlc	Ubuntu	dapper	*
Vlc	Ubuntu	devel	*
Vlc	Ubuntu	feisty	*
Vlc	Ubuntu	gutsy	*
Vlc	Ubuntu	hardy	*
Vlc	Ubuntu	intrepid	*
Vlc	Ubuntu	jaunty	*
Vlc	Ubuntu	karmic	*
Vlc	Ubuntu	lucid	*
Vlc	Ubuntu	maverick	*
Vlc	Ubuntu	natty	*
Vlc	Ubuntu	oneiric	*
Vorbis-tools	Ubuntu	dapper	*
Vorbis-tools	Ubuntu	devel	*
Vorbis-tools	Ubuntu	feisty	*
Vorbis-tools	Ubuntu	gutsy	*
Vorbis-tools	Ubuntu	hardy	*
Vorbis-tools	Ubuntu	intrepid	*
Vorbis-tools	Ubuntu	jaunty	*
Vorbis-tools	Ubuntu	karmic	*
Vorbis-tools	Ubuntu	lucid	*
Vorbis-tools	Ubuntu	maverick	*
Vorbis-tools	Ubuntu	natty	*
Vorbis-tools	Ubuntu	oneiric	*
Xine-lib	Ubuntu	dapper	*
Xine-lib	Ubuntu	feisty	*
Xine-lib	Ubuntu	gutsy	*
Xine-lib	Ubuntu	hardy	*
Xine-lib	Ubuntu	upstream	*
Xmms-speex	Ubuntu	feisty	*
Xmms-speex	Ubuntu	gutsy	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-1686
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References