FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-1686

This CVE name corresponds to:

Entered Topic
2008-05-11 vorbis-tools -- Speex header processing vulnerability
2008-04-24 libxine -- array index vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-1686
Phase Assigned (20080406)

Description

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

References

Source Reference
BUGTRAQ 20080417 [oCERT-2008-004] multiple speex implementations insufficient boundary checks
MLIST [Speex-dev] 20080406 libfishsound 0.9.1 Release
MISC http://www.ocert.org/advisories/ocert-2008-2.html
MISC http://www.ocert.org/advisories/ocert-2008-004.html
CONFIRM http://blog.kfish.org/2008/04/release-libfishsound-091.html
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=592185
CONFIRM http://www.metadecks.org/software/sweep/news.html
DEBIAN DSA-1584
DEBIAN DSA-1585
FEDORA FEDORA-2008-3059
FEDORA FEDORA-2008-3103
FEDORA FEDORA-2008-3191
GENTOO GLSA-200804-17
MANDRIVA MDVSA-2008:092
MANDRIVA MDVSA-2008:093
MANDRIVA MDVSA-2008:094
REDHAT RHSA-2008:0235
SLACKWARE SSA:2008-111-01
SUSE SUSE-SR:2008:012
SUSE SUSE-SR:2008:013
UBUNTU USN-611-1
UBUNTU USN-611-2
UBUNTU USN-611-3
BID 28665
FRSIRT ADV-2008-1187
FRSIRT ADV-2008-1228
FRSIRT ADV-2008-1300
FRSIRT ADV-2008-1301
FRSIRT ADV-2008-1302
FRSIRT ADV-2008-1268
FRSIRT ADV-2008-1269
SECTRACK 1019875
SECUNIA 29727
SECUNIA 29672
SECUNIA 29835
SECUNIA 29845
SECUNIA 29854
SECUNIA 29866
SECUNIA 29878
SECUNIA 29880
SECUNIA 29881
SECUNIA 29882
SECUNIA 29898
SECUNIA 30104
SECUNIA 30117
SECUNIA 30119
SECUNIA 30353
SECUNIA 30358
SECUNIA 30581
SECUNIA 30717
XF fishsound-libfishsound-speex-bo(41684)