CVE-2008-1686

EPSS 5.9%

libfishsound - integer overflow

發布日:2008/4/8修改日:2026/3/9

也稱為:DSA-1584-1DEBIAN-CVE-2008-1686

描述

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

受影響套件(6)

Debian/libfishsoundfrom 0, < 0.7.0-2.2
Debian/libfishsoundfrom 0, < 0.7.0-2etch1
Debian/libfishsoundfrom 0, < 0.7.0-2.1+lenny1
Debian/speexfrom 0, < 1.2~beta2-1
Debian/speexfrom 0, < 1.1.12-3etch1
Debian/speexfrom 0, < 1.1.12-3+lenny1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-1686