CVE-2008-1686

EPSS 5.9%

speex - insufficient boundary check

Published: 4/8/2008Modified: 4/28/2026

Description

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Affected packages (6)

Debian/libfishsoundfrom 0, < 0.7.0-2.2
Debian/libfishsoundfrom 0, < 0.7.0-2etch1
Debian/libfishsoundfrom 0, < 0.7.0-2.1+lenny1
Debian/speexfrom 0, < 1.2~beta2-1
Debian/speexfrom 0, < 1.1.12-3etch1
Debian/speexfrom 0, < 1.1.12-3+lenny1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-1686