Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2008-1686

Published: Apr 08, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2008-1686
CWEhttps://cwe.mitre.org/data/definitions/189.html

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Affected Software

Name Vendor Start Version End Version
Xine-lib Xine * 1.1.11.1 (including)
Xine-lib Xine 0.9.8 (including) 0.9.8 (including)
Xine-lib Xine 0.9.13 (including) 0.9.13 (including)
Xine-lib Xine 0.99 (including) 0.99 (including)
Xine-lib Xine 1.0 (including) 1.0 (including)
Xine-lib Xine 1.0.1 (including) 1.0.1 (including)
Xine-lib Xine 1.0.2 (including) 1.0.2 (including)
Xine-lib Xine 1.0.3a (including) 1.0.3a (including)
Xine-lib Xine 1.1.0 (including) 1.1.0 (including)
Xine-lib Xine 1.1.1 (including) 1.1.1 (including)
Xine-lib Xine 1.1.10 (including) 1.1.10 (including)
Xine-lib Xine 1.1.10.1 (including) 1.1.10.1 (including)
Xine-lib Xine 1.1.11 (including) 1.1.11 (including)
Gst-plugins-good0.10 Ubuntu dapper *
Gst-plugins-good0.10 Ubuntu feisty *
Gst-plugins-good0.10 Ubuntu gutsy *
Gst-plugins-good0.10 Ubuntu hardy *
Gst-plugins-good0.10 Ubuntu upstream *
Libfishsound Ubuntu dapper *
Libfishsound Ubuntu edgy *
Libfishsound Ubuntu feisty *
Libfishsound Ubuntu gutsy *
Libfishsound Ubuntu hardy *
Libfishsound Ubuntu upstream *
Speex Ubuntu dapper *
Speex Ubuntu edgy *
Speex Ubuntu feisty *
Speex Ubuntu gutsy *
Speex Ubuntu hardy *
Speex Ubuntu upstream *
Sweep Ubuntu dapper *
Sweep Ubuntu feisty *
Sweep Ubuntu gutsy *
Sweep Ubuntu hardy *
Sweep Ubuntu intrepid *
Sweep Ubuntu upstream *
Vlc Ubuntu dapper *
Vlc Ubuntu devel *
Vlc Ubuntu feisty *
Vlc Ubuntu gutsy *
Vlc Ubuntu hardy *
Vlc Ubuntu intrepid *
Vlc Ubuntu jaunty *
Vlc Ubuntu karmic *
Vlc Ubuntu lucid *
Vlc Ubuntu maverick *
Vlc Ubuntu natty *
Vlc Ubuntu oneiric *
Vorbis-tools Ubuntu dapper *
Vorbis-tools Ubuntu devel *
Vorbis-tools Ubuntu feisty *
Vorbis-tools Ubuntu gutsy *
Vorbis-tools Ubuntu hardy *
Vorbis-tools Ubuntu intrepid *
Vorbis-tools Ubuntu jaunty *
Vorbis-tools Ubuntu karmic *
Vorbis-tools Ubuntu lucid *
Vorbis-tools Ubuntu maverick *
Vorbis-tools Ubuntu natty *
Vorbis-tools Ubuntu oneiric *
Xine-lib Ubuntu dapper *
Xine-lib Ubuntu feisty *
Xine-lib Ubuntu gutsy *
Xine-lib Ubuntu hardy *
Xine-lib Ubuntu upstream *
Xmms-speex Ubuntu feisty *
Xmms-speex Ubuntu gutsy *
Red Hat Enterprise Linux 4 RedHat speex-0:1.0.4-4.el4_6.1 *
Red Hat Enterprise Linux 5 RedHat speex-0:1.0.5-4.el5_1.1 *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use