Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to xiph - libfishsound

cve-2008-1686

Vulnerability from cvelistv5

Published

2008-04-08 18:00

Modified

2024-08-07 08:32

Severity ?

Summary

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

References

▼	URL	Tags
	http://www.ubuntu.com/usn/usn-611-1	vendor-advisory, x_refsource_UBUNTU
	http://sourceforge.net/project/shownotes.php?release_id=592185	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/491009/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/1302/references	vdb-entry, x_refsource_VUPEN
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:124	vendor-advisory, x_refsource_MANDRIVA
	http://www.securitytracker.com/id?1019875	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/29878	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29898	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2008/1269/references	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/29866	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2008/dsa-1586	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/30117	third-party-advisory, x_refsource_SECUNIA
	http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/30104	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1300/references	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/29727	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1301/references	vdb-entry, x_refsource_VUPEN
	http://www.ubuntu.com/usn/usn-611-3	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/29672	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2008/dsa-1585	vendor-advisory, x_refsource_DEBIAN
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:092	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/30353	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/41684	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/29835	third-party-advisory, x_refsource_SECUNIA
	http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655	x_refsource_CONFIRM
	http://secunia.com/advisories/29880	third-party-advisory, x_refsource_SECUNIA
	http://blog.kfish.org/2008/04/release-libfishsound-091.html	x_refsource_CONFIRM
	http://secunia.com/advisories/31393	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026	vdb-entry, signature, x_refsource_OVAL
	http://www.ocert.org/advisories/ocert-2008-2.html	x_refsource_MISC
	http://www.vupen.com/english/advisories/2008/1228/references	vdb-entry, x_refsource_VUPEN
	http://www.debian.org/security/2008/dsa-1584	vendor-advisory, x_refsource_DEBIAN
	http://www.ocert.org/advisories/ocert-2008-004.html	x_refsource_MISC
	http://www.vupen.com/english/advisories/2008/1268/references	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/29845	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-611-2	vendor-advisory, x_refsource_UBUNTU
	http://www.redhat.com/support/errata/RHSA-2008-0235.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/30358	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29854	third-party-advisory, x_refsource_SECUNIA
	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836	vendor-advisory, x_refsource_SLACKWARE
	http://www.vupen.com/english/advisories/2008/1187/references	vdb-entry, x_refsource_VUPEN
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:094	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/29881	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:093	vendor-advisory, x_refsource_MANDRIVA
	http://security.gentoo.org/glsa/glsa-200804-17.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/30119	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/28665	vdb-entry, x_refsource_BID
	http://www.metadecks.org/software/sweep/news.html	x_refsource_CONFIRM
	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html	vendor-advisory, x_refsource_FEDORA
	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/29882	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-635-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/30337	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30581	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2008_13_sr.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/30717	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:32:01.268Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "USN-611-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-611-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://sourceforge.net/project/shownotes.php?release_id=592185",
               },
               {
                  name: "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/491009/100/0/threaded",
               },
               {
                  name: "ADV-2008-1302",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1302/references",
               },
               {
                  name: "MDVSA-2008:124",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124",
               },
               {
                  name: "1019875",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1019875",
               },
               {
                  name: "29878",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29878",
               },
               {
                  name: "29898",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29898",
               },
               {
                  name: "FEDORA-2008-3103",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html",
               },
               {
                  name: "ADV-2008-1269",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1269/references",
               },
               {
                  name: "29866",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29866",
               },
               {
                  name: "DSA-1586",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2008/dsa-1586",
               },
               {
                  name: "30117",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30117",
               },
               {
                  name: "[Speex-dev] 20080406 libfishsound 0.9.1 Release",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html",
               },
               {
                  name: "30104",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30104",
               },
               {
                  name: "ADV-2008-1300",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1300/references",
               },
               {
                  name: "29727",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29727",
               },
               {
                  name: "ADV-2008-1301",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1301/references",
               },
               {
                  name: "USN-611-3",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-611-3",
               },
               {
                  name: "29672",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29672",
               },
               {
                  name: "SUSE-SR:2008:012",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html",
               },
               {
                  name: "DSA-1585",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2008/dsa-1585",
               },
               {
                  name: "MDVSA-2008:092",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092",
               },
               {
                  name: "30353",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30353",
               },
               {
                  name: "fishsound-libfishsound-speex-bo(41684)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684",
               },
               {
                  name: "29835",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29835",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655",
               },
               {
                  name: "29880",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29880",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://blog.kfish.org/2008/04/release-libfishsound-091.html",
               },
               {
                  name: "31393",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/31393",
               },
               {
                  name: "oval:org.mitre.oval:def:10026",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.ocert.org/advisories/ocert-2008-2.html",
               },
               {
                  name: "ADV-2008-1228",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1228/references",
               },
               {
                  name: "DSA-1584",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2008/dsa-1584",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.ocert.org/advisories/ocert-2008-004.html",
               },
               {
                  name: "ADV-2008-1268",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1268/references",
               },
               {
                  name: "29845",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29845",
               },
               {
                  name: "USN-611-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-611-2",
               },
               {
                  name: "RHSA-2008:0235",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2008-0235.html",
               },
               {
                  name: "30358",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30358",
               },
               {
                  name: "29854",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29854",
               },
               {
                  name: "SSA:2008-111-01",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SLACKWARE",
                     "x_transferred",
                  ],
                  url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836",
               },
               {
                  name: "ADV-2008-1187",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1187/references",
               },
               {
                  name: "MDVSA-2008:094",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094",
               },
               {
                  name: "29881",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29881",
               },
               {
                  name: "MDVSA-2008:093",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093",
               },
               {
                  name: "GLSA-200804-17",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200804-17.xml",
               },
               {
                  name: "30119",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30119",
               },
               {
                  name: "28665",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/28665",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.metadecks.org/software/sweep/news.html",
               },
               {
                  name: "FEDORA-2008-3191",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html",
               },
               {
                  name: "FEDORA-2008-3059",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html",
               },
               {
                  name: "29882",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29882",
               },
               {
                  name: "USN-635-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-635-1",
               },
               {
                  name: "30337",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30337",
               },
               {
                  name: "30581",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30581",
               },
               {
                  name: "SUSE-SR:2008:013",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://www.novell.com/linux/security/advisories/2008_13_sr.html",
               },
               {
                  name: "30717",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30717",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-04-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-11T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "USN-611-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-611-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://sourceforge.net/project/shownotes.php?release_id=592185",
            },
            {
               name: "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/491009/100/0/threaded",
            },
            {
               name: "ADV-2008-1302",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1302/references",
            },
            {
               name: "MDVSA-2008:124",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124",
            },
            {
               name: "1019875",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1019875",
            },
            {
               name: "29878",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29878",
            },
            {
               name: "29898",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29898",
            },
            {
               name: "FEDORA-2008-3103",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html",
            },
            {
               name: "ADV-2008-1269",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1269/references",
            },
            {
               name: "29866",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29866",
            },
            {
               name: "DSA-1586",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2008/dsa-1586",
            },
            {
               name: "30117",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30117",
            },
            {
               name: "[Speex-dev] 20080406 libfishsound 0.9.1 Release",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html",
            },
            {
               name: "30104",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30104",
            },
            {
               name: "ADV-2008-1300",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1300/references",
            },
            {
               name: "29727",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29727",
            },
            {
               name: "ADV-2008-1301",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1301/references",
            },
            {
               name: "USN-611-3",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-611-3",
            },
            {
               name: "29672",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29672",
            },
            {
               name: "SUSE-SR:2008:012",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html",
            },
            {
               name: "DSA-1585",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2008/dsa-1585",
            },
            {
               name: "MDVSA-2008:092",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092",
            },
            {
               name: "30353",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30353",
            },
            {
               name: "fishsound-libfishsound-speex-bo(41684)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684",
            },
            {
               name: "29835",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29835",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655",
            },
            {
               name: "29880",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29880",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://blog.kfish.org/2008/04/release-libfishsound-091.html",
            },
            {
               name: "31393",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/31393",
            },
            {
               name: "oval:org.mitre.oval:def:10026",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.ocert.org/advisories/ocert-2008-2.html",
            },
            {
               name: "ADV-2008-1228",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1228/references",
            },
            {
               name: "DSA-1584",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2008/dsa-1584",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.ocert.org/advisories/ocert-2008-004.html",
            },
            {
               name: "ADV-2008-1268",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1268/references",
            },
            {
               name: "29845",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29845",
            },
            {
               name: "USN-611-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-611-2",
            },
            {
               name: "RHSA-2008:0235",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2008-0235.html",
            },
            {
               name: "30358",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30358",
            },
            {
               name: "29854",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29854",
            },
            {
               name: "SSA:2008-111-01",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
               ],
               url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836",
            },
            {
               name: "ADV-2008-1187",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1187/references",
            },
            {
               name: "MDVSA-2008:094",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094",
            },
            {
               name: "29881",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29881",
            },
            {
               name: "MDVSA-2008:093",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093",
            },
            {
               name: "GLSA-200804-17",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200804-17.xml",
            },
            {
               name: "30119",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30119",
            },
            {
               name: "28665",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/28665",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.metadecks.org/software/sweep/news.html",
            },
            {
               name: "FEDORA-2008-3191",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html",
            },
            {
               name: "FEDORA-2008-3059",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html",
            },
            {
               name: "29882",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29882",
            },
            {
               name: "USN-635-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-635-1",
            },
            {
               name: "30337",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30337",
            },
            {
               name: "30581",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30581",
            },
            {
               name: "SUSE-SR:2008:013",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://www.novell.com/linux/security/advisories/2008_13_sr.html",
            },
            {
               name: "30717",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30717",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2008-1686",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "USN-611-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-611-1",
                  },
                  {
                     name: "http://sourceforge.net/project/shownotes.php?release_id=592185",
                     refsource: "CONFIRM",
                     url: "http://sourceforge.net/project/shownotes.php?release_id=592185",
                  },
                  {
                     name: "20080417 [oCERT-2008-004] multiple speex implementations insufficientboundary checks",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/491009/100/0/threaded",
                  },
                  {
                     name: "ADV-2008-1302",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1302/references",
                  },
                  {
                     name: "MDVSA-2008:124",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124",
                  },
                  {
                     name: "1019875",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1019875",
                  },
                  {
                     name: "29878",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29878",
                  },
                  {
                     name: "29898",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29898",
                  },
                  {
                     name: "FEDORA-2008-3103",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html",
                  },
                  {
                     name: "ADV-2008-1269",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1269/references",
                  },
                  {
                     name: "29866",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29866",
                  },
                  {
                     name: "DSA-1586",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2008/dsa-1586",
                  },
                  {
                     name: "30117",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30117",
                  },
                  {
                     name: "[Speex-dev] 20080406 libfishsound 0.9.1 Release",
                     refsource: "MLIST",
                     url: "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html",
                  },
                  {
                     name: "30104",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30104",
                  },
                  {
                     name: "ADV-2008-1300",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1300/references",
                  },
                  {
                     name: "29727",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29727",
                  },
                  {
                     name: "ADV-2008-1301",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1301/references",
                  },
                  {
                     name: "USN-611-3",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-611-3",
                  },
                  {
                     name: "29672",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29672",
                  },
                  {
                     name: "SUSE-SR:2008:012",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html",
                  },
                  {
                     name: "DSA-1585",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2008/dsa-1585",
                  },
                  {
                     name: "MDVSA-2008:092",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092",
                  },
                  {
                     name: "30353",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30353",
                  },
                  {
                     name: "fishsound-libfishsound-speex-bo(41684)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684",
                  },
                  {
                     name: "29835",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29835",
                  },
                  {
                     name: "http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655",
                     refsource: "CONFIRM",
                     url: "http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655",
                  },
                  {
                     name: "29880",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29880",
                  },
                  {
                     name: "http://blog.kfish.org/2008/04/release-libfishsound-091.html",
                     refsource: "CONFIRM",
                     url: "http://blog.kfish.org/2008/04/release-libfishsound-091.html",
                  },
                  {
                     name: "31393",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/31393",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10026",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026",
                  },
                  {
                     name: "http://www.ocert.org/advisories/ocert-2008-2.html",
                     refsource: "MISC",
                     url: "http://www.ocert.org/advisories/ocert-2008-2.html",
                  },
                  {
                     name: "ADV-2008-1228",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1228/references",
                  },
                  {
                     name: "DSA-1584",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2008/dsa-1584",
                  },
                  {
                     name: "http://www.ocert.org/advisories/ocert-2008-004.html",
                     refsource: "MISC",
                     url: "http://www.ocert.org/advisories/ocert-2008-004.html",
                  },
                  {
                     name: "ADV-2008-1268",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1268/references",
                  },
                  {
                     name: "29845",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29845",
                  },
                  {
                     name: "USN-611-2",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-611-2",
                  },
                  {
                     name: "RHSA-2008:0235",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2008-0235.html",
                  },
                  {
                     name: "30358",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30358",
                  },
                  {
                     name: "29854",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29854",
                  },
                  {
                     name: "SSA:2008-111-01",
                     refsource: "SLACKWARE",
                     url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836",
                  },
                  {
                     name: "ADV-2008-1187",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1187/references",
                  },
                  {
                     name: "MDVSA-2008:094",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094",
                  },
                  {
                     name: "29881",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29881",
                  },
                  {
                     name: "MDVSA-2008:093",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093",
                  },
                  {
                     name: "GLSA-200804-17",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200804-17.xml",
                  },
                  {
                     name: "30119",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30119",
                  },
                  {
                     name: "28665",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/28665",
                  },
                  {
                     name: "http://www.metadecks.org/software/sweep/news.html",
                     refsource: "CONFIRM",
                     url: "http://www.metadecks.org/software/sweep/news.html",
                  },
                  {
                     name: "FEDORA-2008-3191",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html",
                  },
                  {
                     name: "FEDORA-2008-3059",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html",
                  },
                  {
                     name: "29882",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29882",
                  },
                  {
                     name: "USN-635-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-635-1",
                  },
                  {
                     name: "30337",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30337",
                  },
                  {
                     name: "30581",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30581",
                  },
                  {
                     name: "SUSE-SR:2008:013",
                     refsource: "SUSE",
                     url: "http://www.novell.com/linux/security/advisories/2008_13_sr.html",
                  },
                  {
                     name: "30717",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30717",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2008-1686",
      datePublished: "2008-04-08T18:00:00",
      dateReserved: "2008-04-06T00:00:00",
      dateUpdated: "2024-08-07T08:32:01.268Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd

Published

2008-04-08 18:05

Modified

2024-11-21 00:45

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blog.kfish.org/2008/04/release-libfishsound-091.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
cve@mitre.org	http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html
cve@mitre.org	http://secunia.com/advisories/29672	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29727	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29835	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29845	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29854	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29866	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29878	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29880	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29881	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29882	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29898	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30104	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30117	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30119	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30337
cve@mitre.org	http://secunia.com/advisories/30353	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30358	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30581	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30717
cve@mitre.org	http://secunia.com/advisories/31393	Vendor Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200804-17.xml
cve@mitre.org	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=592185
cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
cve@mitre.org	http://www.debian.org/security/2008/dsa-1584	Patch
cve@mitre.org	http://www.debian.org/security/2008/dsa-1585	Patch
cve@mitre.org	http://www.debian.org/security/2008/dsa-1586
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:092
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:093
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:094
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:124
cve@mitre.org	http://www.metadecks.org/software/sweep/news.html
cve@mitre.org	http://www.novell.com/linux/security/advisories/2008_13_sr.html
cve@mitre.org	http://www.ocert.org/advisories/ocert-2008-004.html
cve@mitre.org	http://www.ocert.org/advisories/ocert-2008-2.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0235.html
cve@mitre.org	http://www.securityfocus.com/archive/1/491009/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/28665	Patch
cve@mitre.org	http://www.securitytracker.com/id?1019875
cve@mitre.org	http://www.ubuntu.com/usn/usn-611-1
cve@mitre.org	http://www.ubuntu.com/usn/usn-611-2
cve@mitre.org	http://www.ubuntu.com/usn/usn-611-3
cve@mitre.org	http://www.ubuntu.com/usn/usn-635-1
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1187/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1228/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1268/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1269/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1300/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1301/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1302/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41684
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html
af854a3a-2127-422b-91ae-364da2661108	http://blog.kfish.org/2008/04/release-libfishsound-091.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29672	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29727	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29835	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29845	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29854	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29866	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29878	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29880	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29881	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29882	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29898	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30104	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30117	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30119	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30337
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30353	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30358	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30581	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30717
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31393	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200804-17.xml
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=592185
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1584	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1585	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1586
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:092
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:093
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:094
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:124
af854a3a-2127-422b-91ae-364da2661108	http://www.metadecks.org/software/sweep/news.html
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2008_13_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.ocert.org/advisories/ocert-2008-004.html
af854a3a-2127-422b-91ae-364da2661108	http://www.ocert.org/advisories/ocert-2008-2.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0235.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/491009/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28665	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019875
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-611-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-611-2
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-611-3
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-635-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1187/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1228/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1268/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1269/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1300/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1301/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1302/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41684
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html

Impacted products

Vendor	Product	Version
xine	xine-lib	*
xine	xine-lib	0.9.8
xine	xine-lib	0.9.13
xine	xine-lib	0.99
xine	xine-lib	1.0
xine	xine-lib	1.0.1
xine	xine-lib	1.0.2
xine	xine-lib	1.0.3a
xine	xine-lib	1.1.0
xine	xine-lib	1.1.1
xine	xine-lib	1.1.10
xine	xine-lib	1.1.10.1
xine	xine-lib	1.1.11
xiph	speex	*
xiph	speex	1.0.2
xiph	speex	1.0.3
xiph	speex	1.0.4
xiph	speex	1.0.5
xiph	speex	1.1.1
xiph	speex	1.1.2
xiph	speex	1.1.3
xiph	speex	1.1.4
xiph	speex	1.1.5
xiph	speex	1.1.6
xiph	speex	1.1.7
xiph	speex	1.1.8
xiph	speex	1.1.9
xiph	speex	1.1.10
xiph	speex	1.1.11
xiph	speex	1.1.11.1
xiph	libfishsound	*
xiph	libfishsound	0.5.41
xiph	libfishsound	0.5.42
xiph	libfishsound	0.6.0
xiph	libfishsound	0.6.1
xiph	libfishsound	0.6.2
xiph	libfishsound	0.6.3
xiph	libfishsound	0.7.0
xiph	libfishsound	0.8.0
xiph	libfishsound	0.8.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4432BC00-44D6-4ED9-B642-1BF8C81B6EAD",
                     versionEndIncluding: "1.1.11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEB839B0-408E-4D96-B576-D9300082B7A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FEDBE74-5040-4E61-A34A-2BC36A2A129F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8D402CB-4DED-4525-AF38-B5EC73C39E55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A905719D-4520-4374-B3A7-55034728B85C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2899EF34-824B-4893-8636-64A83EC5885B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
                     matchCriteriaId: "8EB8D295-B589-4E88-8FEE-DDD1591D9189",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAB10333-6C25-4359-BB3F-D76468170825",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2377493B-8CC0-414B-AA5F-B7777C852195",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC149FA-B916-4844-AD98-B7827116C803",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2BBF4E9-6090-4ED3-8A12-09396E660505",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA642532-365F-4981-BA09-A56D3628271C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:xiph:speex:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C3B238B-BE7C-4912-A56A-95DE5051846E",
                     versionEndIncluding: "1.1.12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "95BC5FA0-E710-42D4-8BF0-4D30BC44C833",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8789D167-6DF2-46B7-ABA2-717E141738BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B93DC9BF-7CA8-4729-9A3D-F1CB711E1D37",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "F04629EA-2BE2-42D5-9AC7-DDC7AB1818FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3873FDB9-80A9-4968-B0DC-84201AE1C78C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7339D59-8049-4172-BB68-134F9B50E896",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D762BB7-7A35-4D2A-9EC7-A328197F1EAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "46825B5B-B8A2-4FEB-991D-F2AE174A8C3F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D3BC3CC-07AA-445F-8913-E1FABC60C2AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "9ACE9F82-E352-47C7-BA34-C97E4FB759FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CFF577A-41DB-49B8-BA00-00650DA10DF1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "9655A71E-C2E4-4003-BBA7-05BD29375621",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.1.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E545096-41AC-4DF0-92B4-747CC1F1FE0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "08E27446-B68B-4213-9FD1-3C3A8941BA24",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A0B0BC2-C155-460B-A8CB-0CF0C04896BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:speex:1.1.11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA06646-FCDF-427D-84B1-99D8C6889CC7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:xiph:libfishsound:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "68C981F1-832E-46A5-99CB-ECC3B46D21DD",
                     versionEndIncluding: "0.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:libfishsound:0.5.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE5D47C5-1171-4A95-82CC-DA965D893F7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:libfishsound:0.5.42:*:*:*:*:*:*:*",
                     matchCriteriaId: "585368E9-36BB-45F6-A427-AF8578AA9347",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:libfishsound:0.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C4DD65-8354-40DE-B05F-6742A67C8BCF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:libfishsound:0.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "55901750-2FB5-4C4E-A1C9-8204D16FEBC1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:libfishsound:0.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "022A0430-895C-46EA-A0C6-BA7492443901",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:libfishsound:0.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9CCA2B56-BB40-40AD-97F8-3AFCD2A66C1F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:libfishsound:0.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "76C7D68C-FEA1-4DC6-9FC4-A32AF894472C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:libfishsound:0.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B0B42ED6-243E-427D-86F3-46EEC0DF282D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:xiph:libfishsound:0.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "30743A63-4AA4-4812-9026-04A8FC1308ED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de índice de matriz en Speex versión 1.1.12 y anteriores, tal y como es usado en libfishsound versión 0.9.0 y anteriores, incluyendo Illiminable DirectShow Filters y Annodex Plugins para Firefox, xine-lib versiones anteriores a 1.1.12, y muchos otros productos, permite a los atacantes remotos ejecutar código arbitrario por medio de una estructura de encabezado que contiene un desplazamiento negativo, que se utiliza para desreferenciar un puntero de función.",
      },
   ],
   id: "CVE-2008-1686",
   lastModified: "2024-11-21T00:45:05.803",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-04-08T18:05:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://blog.kfish.org/2008/04/release-libfishsound-091.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29672",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29727",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29835",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29845",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29854",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29866",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29878",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29880",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29881",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29882",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29898",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30104",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30117",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30119",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/30337",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30353",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30358",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30581",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/30717",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/31393",
      },
      {
         source: "cve@mitre.org",
         url: "http://security.gentoo.org/glsa/glsa-200804-17.xml",
      },
      {
         source: "cve@mitre.org",
         url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836",
      },
      {
         source: "cve@mitre.org",
         url: "http://sourceforge.net/project/shownotes.php?release_id=592185",
      },
      {
         source: "cve@mitre.org",
         url: "http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.debian.org/security/2008/dsa-1584",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.debian.org/security/2008/dsa-1585",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2008/dsa-1586",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.metadecks.org/software/sweep/news.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.novell.com/linux/security/advisories/2008_13_sr.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ocert.org/advisories/ocert-2008-004.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ocert.org/advisories/ocert-2008-2.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0235.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/491009/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/28665",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1019875",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/usn-611-1",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/usn-611-2",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/usn-611-3",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ubuntu.com/usn/usn-635-1",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2008/1187/references",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2008/1228/references",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2008/1268/references",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2008/1269/references",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2008/1300/references",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2008/1301/references",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2008/1302/references",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://blog.kfish.org/2008/04/release-libfishsound-091.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29672",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29727",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29835",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29845",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29854",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29866",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29878",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29880",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29881",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29882",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/29898",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30104",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30117",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30119",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30337",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30353",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30358",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30581",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30717",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/31393",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200804-17.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sourceforge.net/project/shownotes.php?release_id=592185",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.debian.org/security/2008/dsa-1584",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.debian.org/security/2008/dsa-1585",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2008/dsa-1586",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:092",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:093",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:094",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:124",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.metadecks.org/software/sweep/news.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.novell.com/linux/security/advisories/2008_13_sr.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ocert.org/advisories/ocert-2008-004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ocert.org/advisories/ocert-2008-2.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0235.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/491009/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/28665",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1019875",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-611-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-611-2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-611-3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-635-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1187/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1228/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1268/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1269/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1300/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1301/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1302/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41684",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-189",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}