Launchpad.net

CVE 2008-1686

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Related bugs and status

CVE-2008-1686 (Candidate) is related to these bugs:

Bug #93076: Xine bug with Motion JPEG codec.

		In	Importance	Status
93076	Xine bug with Motion JPEG codec.	xine-lib (Ubuntu)	Undecided	Fix Released
93076	Xine bug with Motion JPEG codec.	xine-lib (Baltix)	Undecided	New
93076	Xine bug with Motion JPEG codec.	xine-lib	Medium	Fix Released

Bug #218652: CVE-2008-1686: Multiple speex implementations insufficient boundary checks

		In	Importance	Status
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	speex (Ubuntu)	Undecided	Invalid
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libfishsound (Ubuntu)	Undecided	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libannodex (Ubuntu)	Undecided	Invalid
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	gst-plugins-good0.10 (Ubuntu)	Undecided	Invalid
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libsdl-sound1.2 (Ubuntu)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	sweep (Ubuntu)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	vorbis-tools (Ubuntu)	Undecided	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	vlc (Ubuntu)	Undecided	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	xine-lib (Ubuntu)	Undecided	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	xmms-speex (Ubuntu)	Undecided	Invalid
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	gst-plugins-good0.10 (Ubuntu Dapper)	Medium	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libannodex (Ubuntu Dapper)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libfishsound (Ubuntu Dapper)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libsdl-sound1.2 (Ubuntu Dapper)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	speex (Ubuntu Dapper)	Medium	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	sweep (Ubuntu Dapper)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	vlc (Ubuntu Dapper)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	vorbis-tools (Ubuntu Dapper)	Medium	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	xine-lib (Ubuntu Dapper)	Undecided	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	xmms-speex (Ubuntu Dapper)	Undecided	Invalid
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	gst-plugins-good0.10 (Ubuntu Feisty)	Medium	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libannodex (Ubuntu Feisty)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libfishsound (Ubuntu Feisty)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libsdl-sound1.2 (Ubuntu Feisty)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	speex (Ubuntu Feisty)	Medium	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	sweep (Ubuntu Feisty)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	vlc (Ubuntu Feisty)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	vorbis-tools (Ubuntu Feisty)	Medium	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	xine-lib (Ubuntu Feisty)	Undecided	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	xmms-speex (Ubuntu Feisty)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	gst-plugins-good0.10 (Ubuntu Hardy)	Medium	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libannodex (Ubuntu Hardy)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libfishsound (Ubuntu Hardy)	Undecided	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libsdl-sound1.2 (Ubuntu Hardy)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	speex (Ubuntu Hardy)	Medium	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	sweep (Ubuntu Hardy)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	vlc (Ubuntu Hardy)	Undecided	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	vorbis-tools (Ubuntu Hardy)	Medium	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	xine-lib (Ubuntu Hardy)	Undecided	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	xmms-speex (Ubuntu Hardy)	Undecided	Invalid
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	gst-plugins-good0.10 (Ubuntu Gutsy)	Medium	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libannodex (Ubuntu Gutsy)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libfishsound (Ubuntu Gutsy)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	libsdl-sound1.2 (Ubuntu Gutsy)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	speex (Ubuntu Gutsy)	Medium	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	sweep (Ubuntu Gutsy)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	vlc (Ubuntu Gutsy)	Undecided	Won't Fix
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	vorbis-tools (Ubuntu Gutsy)	Medium	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	xine-lib (Ubuntu Gutsy)	Undecided	Fix Released
218652	CVE-2008-1686: Multiple speex implementations insufficient boundary checks	xmms-speex (Ubuntu Gutsy)	Undecided	Won't Fix

Bug #235904: [CVE-2008-1878] Inadequate bounds checking in the NES Sound Format (NSF) demuxer

Summary				In	Importance	Status
	235904	[CVE-2008-1878] Inadequate bounds checking in the NES Sound Format (NSF) demuxer		xine-lib (Ubuntu)	Undecided	Fix Released
	235904	[CVE-2008-1878] Inadequate bounds checking in the NES Sound Format (NSF) demuxer		xine-lib (Baltix)	Undecided	New

Bug #238873: vlc in Hardy needs a security update

		In	Importance	Status
238873	vlc in Hardy needs a security update	vlc (Ubuntu)	High	Fix Released
238873	vlc in Hardy needs a security update	vlc (Ubuntu Dapper)	Undecided	Invalid
238873	vlc in Hardy needs a security update	vlc (Ubuntu Feisty)	Undecided	Won't Fix
238873	vlc in Hardy needs a security update	vlc (Ubuntu Gutsy)	Undecided	Won't Fix
238873	vlc in Hardy needs a security update	vlc (Ubuntu Intrepid)	High	Fix Released
238873	vlc in Hardy needs a security update	vlc (Ubuntu Hardy)	High	Fix Released

Bug #922668: Sync xine-lib-1.2 1.2.0-5 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	922668	Sync xine-lib-1.2 1.2.0-5 (universe) from Debian unstable (main)		xine-lib-1.2 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [Speex-dev] 20080406 l...
MISC: http://www.ocert.org/a...
CONFIRM: http://blog.kfish.org/...
BID: 28665
SECUNIA: 29727
CONFIRM: http://sourceforge.net...
SECUNIA: 29672
MISC: http://www.ocert.org/a...
CONFIRM: http://www.metadecks.o...
FEDORA: FEDORA-2008-3059
FEDORA: FEDORA-2008-3103
FEDORA: FEDORA-2008-3191
GENTOO: GLSA-200804-17
REDHAT: RHSA-2008:0235
SECTRACK: 1019875
SECUNIA: 29835
SECUNIA: 29845
SECUNIA: 29854
SECUNIA: 29866
SECUNIA: 29878
SECUNIA: 29880
SECUNIA: 29881
SECUNIA: 29882
SECUNIA: 29898
MANDRIVA: MDVSA-2008:092
MANDRIVA: MDVSA-2008:093
MANDRIVA: MDVSA-2008:094
UBUNTU: USN-611-1
UBUNTU: USN-611-2
UBUNTU: USN-611-3
SECUNIA: 30104
SECUNIA: 30117
SECUNIA: 30119
DEBIAN: DSA-1584
DEBIAN: DSA-1585
SECUNIA: 30353
SECUNIA: 30358
SUSE: SUSE-SR:2008:012
SECUNIA: 30581
SUSE: SUSE-SR:2008:013
SECUNIA: 30717
UBUNTU: USN-635-1
SECUNIA: 31393
MANDRIVA: MDVSA-2008:124
DEBIAN: DSA-1586
SECUNIA: 30337
VUPEN: ADV-2008-1187
VUPEN: ADV-2008-1228
VUPEN: ADV-2008-1300
VUPEN: ADV-2008-1301
VUPEN: ADV-2008-1302
VUPEN: ADV-2008-1268
VUPEN: ADV-2008-1269
CONFIRM: http://sourceforge.net...
SLACKWARE: SSA:2008-111-01
XF: fishsound-libfishsound...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080417 [oCERT-2008-0...