Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xine-lib | Xine | * | 1.1.11.1 (including) |
| Xine-lib | Xine | 0.9.8 (including) | 0.9.8 (including) |
| Xine-lib | Xine | 0.9.13 (including) | 0.9.13 (including) |
| Xine-lib | Xine | 0.99 (including) | 0.99 (including) |
| Xine-lib | Xine | 1.0 (including) | 1.0 (including) |
| Xine-lib | Xine | 1.0.1 (including) | 1.0.1 (including) |
| Xine-lib | Xine | 1.0.2 (including) | 1.0.2 (including) |
| Xine-lib | Xine | 1.0.3a (including) | 1.0.3a (including) |
| Xine-lib | Xine | 1.1.0 (including) | 1.1.0 (including) |
| Xine-lib | Xine | 1.1.1 (including) | 1.1.1 (including) |
| Xine-lib | Xine | 1.1.10 (including) | 1.1.10 (including) |
| Xine-lib | Xine | 1.1.10.1 (including) | 1.1.10.1 (including) |
| Xine-lib | Xine | 1.1.11 (including) | 1.1.11 (including) |