CVE-2008-1686

Published Apr 8, 2008
Last updated 6 years ago
CVSS info 9.3
Overview

Description: Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-189
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4432BC00-44D6-4ED9-B642-1BF8C81B6EAD",
            "versionEndIncluding": "1.1.11.1"
          },
          {
            "criteria": "cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEB839B0-408E-4D96-B576-D9300082B7A1"
          },
          {
            "criteria": "cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DF7BC3F-20B1-461A-A799-8A77F3D8CC8E"
          },
          {
            "criteria": "cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FEDBE74-5040-4E61-A34A-2BC36A2A129F"
          },
          {
            "criteria": "cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8D402CB-4DED-4525-AF38-B5EC73C39E55"
          },
          {
            "criteria": "cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A905719D-4520-4374-B3A7-55034728B85C"
          },
          {
            "criteria": "cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2899EF34-824B-4893-8636-64A83EC5885B"
          },
          {
            "criteria": "cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EB8D295-B589-4E88-8FEE-DDD1591D9189"
          },
          {
            "criteria": "cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAB10333-6C25-4359-BB3F-D76468170825"
          },
          {
            "criteria": "cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2377493B-8CC0-414B-AA5F-B7777C852195"
          },
          {
            "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFC149FA-B916-4844-AD98-B7827116C803"
          },
          {
            "criteria": "cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2BBF4E9-6090-4ED3-8A12-09396E660505"
          },
          {
            "criteria": "cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA642532-365F-4981-BA09-A56D3628271C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xiph:speex:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C3B238B-BE7C-4912-A56A-95DE5051846E",
            "versionEndIncluding": "1.1.12"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95BC5FA0-E710-42D4-8BF0-4D30BC44C833"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8789D167-6DF2-46B7-ABA2-717E141738BE"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B93DC9BF-7CA8-4729-9A3D-F1CB711E1D37"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F04629EA-2BE2-42D5-9AC7-DDC7AB1818FD"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3873FDB9-80A9-4968-B0DC-84201AE1C78C"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7339D59-8049-4172-BB68-134F9B50E896"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D762BB7-7A35-4D2A-9EC7-A328197F1EAB"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46825B5B-B8A2-4FEB-991D-F2AE174A8C3F"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D3BC3CC-07AA-445F-8913-E1FABC60C2AF"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9ACE9F82-E352-47C7-BA34-C97E4FB759FE"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CFF577A-41DB-49B8-BA00-00650DA10DF1"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9655A71E-C2E4-4003-BBA7-05BD29375621"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E545096-41AC-4DF0-92B4-747CC1F1FE0F"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08E27446-B68B-4213-9FD1-3C3A8941BA24"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.1.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A0B0BC2-C155-460B-A8CB-0CF0C04896BB"
          },
          {
            "criteria": "cpe:2.3:a:xiph:speex:1.1.11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BA06646-FCDF-427D-84B1-99D8C6889CC7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xiph:libfishsound:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68C981F1-832E-46A5-99CB-ECC3B46D21DD",
            "versionEndIncluding": "0.9.0"
          },
          {
            "criteria": "cpe:2.3:a:xiph:libfishsound:0.5.41:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE5D47C5-1171-4A95-82CC-DA965D893F7A"
          },
          {
            "criteria": "cpe:2.3:a:xiph:libfishsound:0.5.42:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "585368E9-36BB-45F6-A427-AF8578AA9347"
          },
          {
            "criteria": "cpe:2.3:a:xiph:libfishsound:0.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72C4DD65-8354-40DE-B05F-6742A67C8BCF"
          },
          {
            "criteria": "cpe:2.3:a:xiph:libfishsound:0.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55901750-2FB5-4C4E-A1C9-8204D16FEBC1"
          },
          {
            "criteria": "cpe:2.3:a:xiph:libfishsound:0.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "022A0430-895C-46EA-A0C6-BA7492443901"
          },
          {
            "criteria": "cpe:2.3:a:xiph:libfishsound:0.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CCA2B56-BB40-40AD-97F8-3AFCD2A66C1F"
          },
          {
            "criteria": "cpe:2.3:a:xiph:libfishsound:0.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76C7D68C-FEA1-4DC6-9FC4-A32AF894472C"
          },
          {
            "criteria": "cpe:2.3:a:xiph:libfishsound:0.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0B42ED6-243E-427D-86F3-46EEC0DF282D"
          },
          {
            "criteria": "cpe:2.3:a:xiph:libfishsound:0.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30743A63-4AA4-4812-9026-04A8FC1308ED"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
