[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-1686Date: (C)2008-04-08   (M)2023-12-22


Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1019875
http://www.securityfocus.com/archive/1/491009/100/0/threaded
BID-28665
SECUNIA-29672
SECUNIA-29727
SECUNIA-29835
SECUNIA-29845
SECUNIA-29854
SECUNIA-29866
SECUNIA-29878
SECUNIA-29880
SECUNIA-29881
SECUNIA-29882
SECUNIA-29898
SECUNIA-30104
SECUNIA-30117
SECUNIA-30119
SECUNIA-30337
SECUNIA-30353
SECUNIA-30358
SECUNIA-30581
SECUNIA-30717
SECUNIA-31393
ADV-2008-1187
ADV-2008-1228
ADV-2008-1268
ADV-2008-1269
ADV-2008-1300
ADV-2008-1301
ADV-2008-1302
DSA-1584
DSA-1585
DSA-1586
FEDORA-2008-3059
FEDORA-2008-3103
FEDORA-2008-3191
GLSA-200804-17
MDVSA-2008:092
MDVSA-2008:093
MDVSA-2008:094
MDVSA-2008:124
RHSA-2008:0235
SSA:2008-111-01
SUSE-SR:2008:012
SUSE-SR:2008:013
USN-611-1
USN-611-2
USN-611-3
USN-635-1
http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html
fishsound-libfishsound-speex-bo(41684)
http://blog.kfish.org/2008/04/release-libfishsound-091.html
http://sourceforge.net/project/shownotes.php?release_id=592185
http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
http://www.metadecks.org/software/sweep/news.html
http://www.ocert.org/advisories/ocert-2008-004.html
http://www.ocert.org/advisories/ocert-2008-2.html
oval:org.mitre.oval:def:10026

CWE    1
CWE-189
OVAL    7
oval:org.secpod.oval:def:301346
oval:org.mitre.oval:def:8197
oval:org.secpod.oval:def:301528
oval:org.mitre.oval:def:7912
...

© SecPod Technologies