ID CVE-2008-1686
Summary Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
References
Vulnerable Configurations
  • cpe:2.3:a:xine:xine-lib:0.9.8
  • cpe:2.3:a:xine:xine-lib:0.9.13
  • cpe:2.3:a:xine:xine-lib:0.99
  • cpe:2.3:a:xine:xine-lib:1.0
  • cpe:2.3:a:xine:xine-lib:1.0.1
  • cpe:2.3:a:xine:xine-lib:1.0.2
  • cpe:2.3:a:xine:xine-lib:1.0.3a
  • cpe:2.3:a:xine:xine-lib:1.1.0
  • cpe:2.3:a:xine:xine-lib:1.1.1
  • cpe:2.3:a:xine:xine-lib:1.1.10
  • cpe:2.3:a:xine:xine-lib:1.1.10.1
  • cpe:2.3:a:xine:xine-lib:1.1.11
  • cpe:2.3:a:xine:xine-lib:1.1.11.1
  • cpe:2.3:a:xiph:speex:1.0.2
  • cpe:2.3:a:xiph:speex:1.0.3
  • cpe:2.3:a:xiph:speex:1.0.4
  • cpe:2.3:a:xiph:speex:1.0.5
  • cpe:2.3:a:xiph:speex:1.1.1
  • cpe:2.3:a:xiph:speex:1.1.2
  • cpe:2.3:a:xiph:speex:1.1.3
  • cpe:2.3:a:xiph:speex:1.1.4
  • cpe:2.3:a:xiph:speex:1.1.5
  • cpe:2.3:a:xiph:speex:1.1.6
  • cpe:2.3:a:xiph:speex:1.1.7
  • cpe:2.3:a:xiph:speex:1.1.8
  • cpe:2.3:a:xiph:speex:1.1.9
  • cpe:2.3:a:xiph:speex:1.1.10
  • cpe:2.3:a:xiph:speex:1.1.11
  • cpe:2.3:a:xiph:speex:1.1.11.1
  • cpe:2.3:a:xiph:speex:1.1.12
  • cpe:2.3:a:xiph:libfishsound:0.5.41
  • cpe:2.3:a:xiph:libfishsound:0.5.42
  • cpe:2.3:a:xiph:libfishsound:0.6.0
  • cpe:2.3:a:xiph:libfishsound:0.6.1
  • cpe:2.3:a:xiph:libfishsound:0.6.2
  • cpe:2.3:a:xiph:libfishsound:0.6.3
  • cpe:2.3:a:xiph:libfishsound:0.7.0
  • cpe:2.3:a:xiph:libfishsound:0.8.0
  • cpe:2.3:a:xiph:libfishsound:0.8.1
  • cpe:2.3:a:xiph:libfishsound:0.9.0
CVSS
Base: 9.3 (as of 08-04-2008 - 14:43)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1586.NASL
    description Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player. The Common Vulnerabilities and Exposures project identifies the following three problems : - CVE-2008-1482 Integer overflow vulnerabilities exist in xine's FLV, QuickTime, RealMedia, MVE and CAK demuxers, as well as the EBML parser used by the Matroska demuxer. These weaknesses allow an attacker to overflow heap buffers and potentially execute arbitrary code by supplying a maliciously crafted file of those types. - CVE-2008-1686 Insufficient input validation in the Speex implementation used by this version of xine enables an invalid array access and the execution of arbitrary code by supplying a maliciously crafted Speex file. - CVE-2008-1878 Inadequate bounds checking in the NES Sound Format (NSF) demuxer enables a stack-based buffer overflow and the execution of arbitrary code through a maliciously crafted NSF file.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 32435
    published 2008-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32435
    title Debian DSA-1586-1 : xine-lib - multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XINE-DEVEL-5304.NASL
    description Specially crafted NSF files could potentially be exploited to execute arbitrary code. (CVE-2008-1878) Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code. (CVE-2008-1686)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51767
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51767
    title SuSE 10 Security Update : xine (ZYPP Patch Number 5304)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XINE-DEVEL-5205.NASL
    description Specially crafted NSF files could potentially be exploited to execute arbitrary code. (CVE-2008-1878) Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code. (CVE-2008-1686)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 32393
    published 2008-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32393
    title SuSE 10 Security Update : xine-lib (ZYPP Patch Number 5205)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XINE-DEVEL-5204.NASL
    description Specially crafted NSF files could potentially be exploited to execute arbitrary code (CVE-2008-1878). Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code (CVE-2008-1686).
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 32392
    published 2008-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32392
    title openSUSE 10 Security Update : xine-devel (xine-devel-5204)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-093.NASL
    description A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686). The ogg123 application in vorbis-tools is similarly affected by this issue. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 37218
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37218
    title Mandriva Linux Security Advisory : vorbis-tools (MDVSA-2008:093)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0235.NASL
    description Updated speex packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Speex is a patent-free compression format designed especially for speech. The Speex package contains a library for handling Speex files and sample encoder and decoder implementations using this library. The Speex library was found to not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or, possibly, allow arbitrary code execution with the privileges of the application calling the Speex library. (CVE-2008-1686) All users of speex are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 32000
    published 2008-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32000
    title CentOS 4 / 5 : speex (CESA-2008:0235)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0235.NASL
    description From Red Hat Security Advisory 2008:0235 : Updated speex packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Speex is a patent-free compression format designed especially for speech. The Speex package contains a library for handling Speex files and sample encoder and decoder implementations using this library. The Speex library was found to not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or, possibly, allow arbitrary code execution with the privileges of the application calling the Speex library. (CVE-2008-1686) All users of speex are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 67684
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67684
    title Oracle Linux 4 / 5 : speex (ELSA-2008-0235)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_VORBIS-TOOLS-5193.NASL
    description Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code. (CVE-2008-1686)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 33092
    published 2008-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33092
    title SuSE 10 Security Update : vorbis-tools (ZYPP Patch Number 5193)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-611-2.NASL
    description USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for ogg123, part of vorbis-tools. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 32192
    published 2008-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32192
    title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : vorbis-tools vulnerability (USN-611-2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3103.NASL
    description Security update: Add mode checks to speex_packet_to_header() to protect applications using speex library and not having proper checks (CVE-2008-1686, #441239, https://trac.xiph.org/changeset/14701) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 31980
    published 2008-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31980
    title Fedora 8 : speex-1.2-0.4.beta2 (2008-3103)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3059.NASL
    description CVE-2008-1686 libfishsound: insufficient boundary checks Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 31973
    published 2008-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31973
    title Fedora 8 : libfishsound-0.9.1-1.fc8 (2008-3059)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-635-1.NASL
    description Alin Rad Pop discovered an array index vulnerability in the SDP parser. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0073) Luigi Auriemma discovered that xine-lib did not properly check buffer sizes in the RTSP header-handling code. If xine-lib opened an RTSP stream with crafted SDP attributes, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0225, CVE-2008-0238) Damian Frizza and Alfredo Ortega discovered that xine-lib did not properly validate FLAC tags. If a user or automated system were tricked into opening a crafted FLAC file, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0486) It was discovered that the ASF demuxer in xine-lib did not properly check the length of the ASF header. If a user or automated system were tricked into opening a crafted ASF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1110) It was discovered that the Matroska demuxer in xine-lib did not properly verify frame sizes. If xine-lib opened a crafted ASF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1161) Luigi Auriemma discovered multiple integer overflows in xine-lib. If a user or automated system were tricked into opening a crafted FLV, MOV, RM, MVE, MKV or CAK file, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1482) It was discovered that xine-lib did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service or possibly execute arbitrary code as the user invoking the program. (CVE-2008-1686) Guido Landi discovered a stack-based buffer overflow in xine-lib when processing NSF files. If xine-lib opened a specially crafted NSF file with a long NSF title, an attacker could create a denial of service or possibly execute arbitrary code as the user invoking the program. (CVE-2008-1878). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 33940
    published 2008-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33940
    title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : xine-lib vulnerabilities (USN-635-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3117.NASL
    description - Bug #441239 - CVE-2008-1686 speex, libfishsound: insufficient boundary checks Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 32382
    published 2008-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32382
    title Fedora 7 : libfishsound-0.9.1-1.fc7 (2008-3117)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0235.NASL
    description Updated speex packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Speex is a patent-free compression format designed especially for speech. The Speex package contains a library for handling Speex files and sample encoder and decoder implementations using this library. The Speex library was found to not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or, possibly, allow arbitrary code execution with the privileges of the application calling the Speex library. (CVE-2008-1686) All users of speex are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 31988
    published 2008-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31988
    title RHEL 4 / 5 : speex (RHSA-2008:0235)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2008-111-01.NASL
    description New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. An overflow was found in the Speex decoder that could lead to a crash or possible execution of arbitrary code. Xine-lib <= 1.1.12 was also found to be vulnerable to a stack-based buffer overflow in the NES demuxer (thanks to milw0rm.com).
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 32033
    published 2008-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32033
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / current : xine-lib (SSA:2008-111-01)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080416_SPEEX_ON_SL4_X.NASL
    description The Speex library was found to not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or, possibly, allow arbitrary code execution with the privileges of the application calling the Speex library. (CVE-2008-1686)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60386
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60386
    title Scientific Linux Security Update : speex on SL4.x, SL5.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-611-1.NASL
    description It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 32191
    published 2008-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32191
    title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : speex vulnerability (USN-611-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7A7C585310A311DD8EB800163E000016.NASL
    description xine Team reports : A new xine-lib version is now available. This release contains a security fix (an unchecked array index that could allow remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 32066
    published 2008-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32066
    title FreeBSD : libxine -- array index vulnerability (7a7c5853-10a3-11dd-8eb8-00163e000016)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_VORBIS-TOOLS-5302.NASL
    description Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code. (CVE-2008-1686)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 51764
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51764
    title SuSE 10 Security Update : Ogg Vorbis tools (ZYPP Patch Number 5302)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3191.NASL
    description Security update: Add mode checks to speex_packet_to_header() to protect applications using speex library and not having proper checks (CVE-2008-1686, #441239, https://trac.xiph.org/changeset/14701) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 31982
    published 2008-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31982
    title Fedora 7 : speex-1.2-0.3.beta1 (2008-3191)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200804-17.NASL
    description The remote host is affected by the vulnerability described in GLSA-200804-17 (Speex: User-assisted execution of arbitrary code) oCERT reported that the Speex library does not properly validate the 'mode' value it derives from Speex streams, allowing for array indexing vulnerabilities inside multiple player applications. Within Gentoo, xine-lib, VLC, gst-plugins-speex from the GStreamer Good Plug-ins, vorbis-tools, libfishsound, Sweep, SDL_sound, and speexdec were found to be vulnerable. Impact : A remote attacker could entice a user to open a specially crafted Speex file or network stream with an application listed above. This might lead to the execution of arbitrary code with privileges of the user playing the file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 32010
    published 2008-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32010
    title GLSA-200804-17 : Speex: User-assisted execution of arbitrary code
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-094.NASL
    description A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 37726
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37726
    title Mandriva Linux Security Advisory : speex (MDVSA-2008:094)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GSTREAMER010-PLUGINS-GOOD-5195.NASL
    description Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code (CVE-2008-1686).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 33161
    published 2008-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33161
    title openSUSE 10 Security Update : gstreamer010-plugins-good (gstreamer010-plugins-good-5195)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_VORBIS-TOOLS-5192.NASL
    description Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code (CVE-2008-1686).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 33091
    published 2008-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33091
    title openSUSE 10 Security Update : vorbis-tools (vorbis-tools-5192)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-092.NASL
    description A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686). The speex plugin in the gstreamer-plugins-good package is similarly affected by this issue. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 36584
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36584
    title Mandriva Linux Security Advisory : gstreamer-plugins-good (MDVSA-2008:092)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-611-3.NASL
    description USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for GStreamer Good Plugins. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 32193
    published 2008-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32193
    title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : gst-plugins-good0.10 vulnerability (USN-611-3)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1584.NASL
    description It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 32406
    published 2008-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32406
    title Debian DSA-1584-1 : libfishsound - buffer overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GSTREAMER010-PLUGINS-GOOD-5185.NASL
    description Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code. (CVE-2008-1686)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 33160
    published 2008-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33160
    title SuSE 10 Security Update : gstreamer010-plugins (ZYPP Patch Number 5185)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-124.NASL
    description A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686). Xine-lib is similarly affected by this issue. As well, the previous version of xine as provided in Mandriva Linux 2008.1 would crash when playing matroska files, and a regression was introduced that prevented Amarok from playing m4a files. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37421
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37421
    title Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:124)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1585.NASL
    description It was discovered that speex, the Speex codec command line tools, did not correctly deal with negative offsets in a particular header field. This could allow a malicious file to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 32407
    published 2008-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32407
    title Debian DSA-1585-1 : speex - integer overflow
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_633716FA1F8F11DDB1430211D880E350.NASL
    description Secunia reports : A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when processing Speex headers, which can be exploited via a specially crafted Speex stream containing a negative 'modeID' field in the header. Successful exploitation may allow execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 32299
    published 2008-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32299
    title FreeBSD : vorbis-tools -- Speex header processing vulnerability (633716fa-1f8f-11dd-b143-0211d880e350)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SPEEX-5364.NASL
    description Specially crafted files or streams could potentially be abused to trick applications that support speex into executing arbitrary code. (CVE-2008-1686)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 33434
    published 2008-07-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33434
    title SuSE 10 Security Update : speex (ZYPP Patch Number 5364)
oval via4
accepted 2013-04-29T04:00:35.867-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
family unix
id oval:org.mitre.oval:def:10026
status accepted
submitted 2010-07-09T03:56:16-04:00
title Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
version 24
redhat via4
advisories
bugzilla
id 441239
title CVE-2008-1686 speex, libfishsound: insufficient boundary checks
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment speex is earlier than 0:1.0.4-4.el4_6.1
          oval oval:com.redhat.rhsa:tst:20080235002
        • comment speex is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080235003
      • AND
        • comment speex-devel is earlier than 0:1.0.4-4.el4_6.1
          oval oval:com.redhat.rhsa:tst:20080235004
        • comment speex-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080235005
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment speex is earlier than 0:1.0.5-4.el5_1.1
          oval oval:com.redhat.rhsa:tst:20080235007
        • comment speex is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080235008
      • AND
        • comment speex-devel is earlier than 0:1.0.5-4.el5_1.1
          oval oval:com.redhat.rhsa:tst:20080235009
        • comment speex-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080235010
rhsa
id RHSA-2008:0235
released 2008-04-16
severity Important
title RHSA-2008:0235: speex security update (Important)
rpms
  • speex-0:1.0.4-4.el4_6.1
  • speex-devel-0:1.0.4-4.el4_6.1
  • speex-0:1.0.5-4.el5_1.1
  • speex-devel-0:1.0.5-4.el5_1.1
refmap via4
bid 28665
bugtraq 20080417 [oCERT-2008-004] multiple speex implementations insufficient boundary checks
confirm
debian
  • DSA-1584
  • DSA-1585
  • DSA-1586
fedora
  • FEDORA-2008-3059
  • FEDORA-2008-3103
  • FEDORA-2008-3191
gentoo GLSA-200804-17
mandriva
  • MDVSA-2008:092
  • MDVSA-2008:093
  • MDVSA-2008:094
  • MDVSA-2008:124
misc
mlist [Speex-dev] 20080406 libfishsound 0.9.1 Release
sectrack 1019875
secunia
  • 29672
  • 29727
  • 29835
  • 29845
  • 29854
  • 29866
  • 29878
  • 29880
  • 29881
  • 29882
  • 29898
  • 30104
  • 30117
  • 30119
  • 30337
  • 30353
  • 30358
  • 30581
  • 30717
  • 31393
slackware SSA:2008-111-01
suse
  • SUSE-SR:2008:012
  • SUSE-SR:2008:013
ubuntu
  • USN-611-1
  • USN-611-2
  • USN-611-3
  • USN-635-1
vupen
  • ADV-2008-1187
  • ADV-2008-1228
  • ADV-2008-1268
  • ADV-2008-1269
  • ADV-2008-1300
  • ADV-2008-1301
  • ADV-2008-1302
xf fishsound-libfishsound-speex-bo(41684)
Last major update 19-05-2011 - 00:00
Published 08-04-2008 - 14:05
Last modified 11-10-2018 - 16:36