Upstream information

CVE-2008-1686 at MITRE

Description

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entries: 377602 [RESOLVED / FIXED], 379098 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SR:2008:012, published Fri, 06 Jun 2008 16:00:00 +0000
SUSE-SR:2008:013, published Fri, 13 Jun 2008 17:00:00 +0000

List of released packages

SUSE Timeline for this CVE

CVE page created: Fri Jun 28 03:41:36 2013
CVE page last modified: Tue Sep 3 18:12:59 2024

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4	`libxine-devel >= 1.1.15-23.3.9` `libxine1 >= 1.1.15-23.3.9` `libxine1-32bit >= 1.1.15-23.3.9` `libxine1-gnome-vfs >= 1.1.15-23.3.9` `libxine1-pulse >= 1.1.15-23.3.9`	Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA libxine-devel-1.1.15-23.3.9
SUSE Linux Enterprise Desktop 12 SP1	`vorbis-tools >= 1.4.0-26.1` `vorbis-tools-lang >= 1.4.0-26.1`	Patchnames: SUSE Linux Enterprise Desktop 12 SP1 GA vorbis-tools-1.4.0-26.1
SUSE Linux Enterprise Desktop 12 SP2	`vorbis-tools >= 1.4.0-26.1` `vorbis-tools-lang >= 1.4.0-26.1`	Patchnames: SUSE Linux Enterprise Desktop 12 SP2 GA vorbis-tools-1.4.0-26.1
SUSE Linux Enterprise Desktop 12 SP3	`vorbis-tools >= 1.4.0-26.1` `vorbis-tools-lang >= 1.4.0-26.1`	Patchnames: SUSE Linux Enterprise Desktop 12 SP3 GA vorbis-tools-1.4.0-26.1
SUSE Linux Enterprise Desktop 12 SP4	`vorbis-tools >= 1.4.0-26.1` `vorbis-tools-lang >= 1.4.0-26.1`	Patchnames: SUSE Linux Enterprise Desktop 12 SP4 GA vorbis-tools-1.4.0-26.1
SUSE Linux Enterprise Desktop 12	`vorbis-tools >= 1.4.0-16.9` `vorbis-tools-lang >= 1.4.0-16.9`	Patchnames: SUSE Linux Enterprise Desktop 12 GA vorbis-tools-1.4.0-16.9
SUSE Linux Enterprise High Performance Computing 12 SP5	`vorbis-tools >= 1.4.0-26.1` `vorbis-tools-lang >= 1.4.0-26.1`	Patchnames: SUSE Linux Enterprise High Performance Computing 12 SP5 GA vorbis-tools-1.4.0-26.1
SUSE Linux Enterprise Server 11 SP1	`gstreamer-0_10-plugins-good >= 0.10.17-1.1.126` `gstreamer-0_10-plugins-good-doc >= 0.10.17-1.1.126` `gstreamer-0_10-plugins-good-lang >= 0.10.17-1.1.126`	Patchnames: SUSE Linux Enterprise Server 11 SP1 GA gstreamer-0_10-plugins-good-0.10.17-1.1.126
SUSE Linux Enterprise Server 11 SP2	`gstreamer-0_10-plugins-good >= 0.10.30-5.8.11` `gstreamer-0_10-plugins-good-doc >= 0.10.30-5.8.11` `gstreamer-0_10-plugins-good-lang >= 0.10.30-5.8.11`	Patchnames: SUSE Linux Enterprise Server 11 SP2 GA gstreamer-0_10-plugins-good-0.10.30-5.8.11
SUSE Linux Enterprise Server 11 SP3	`gstreamer-0_10-plugins-good >= 0.10.30-5.8.11` `gstreamer-0_10-plugins-good-doc >= 0.10.30-5.8.11` `gstreamer-0_10-plugins-good-lang >= 0.10.30-5.8.11`	Patchnames: SUSE Linux Enterprise Server 11 SP3 GA gstreamer-0_10-plugins-good-0.10.30-5.8.11
SUSE Linux Enterprise Server 11 SP4	`gstreamer-0_10-plugins-good >= 0.10.30-5.12.15` `gstreamer-0_10-plugins-good-doc >= 0.10.30-5.12.15` `gstreamer-0_10-plugins-good-lang >= 0.10.30-5.12.15` `libxine-devel >= 1.1.15-23.3.9` `libxine1 >= 1.1.15-23.3.9` `libxine1-32bit >= 1.1.15-23.3.9` `libxine1-gnome-vfs >= 1.1.15-23.3.9` `libxine1-pulse >= 1.1.15-23.3.9`	Patchnames: SUSE Linux Enterprise Server 11 SP4 GA gstreamer-0_10-plugins-good-0.10.30-5.12.15 SUSE Linux Enterprise Software Development Kit 11 SP4 GA libxine-devel-1.1.15-23.3.9
SUSE Linux Enterprise Server 12 SP1	`vorbis-tools >= 1.4.0-26.1` `vorbis-tools-lang >= 1.4.0-26.1`	Patchnames: SUSE Linux Enterprise Server 12 SP1 GA vorbis-tools-1.4.0-26.1
SUSE Linux Enterprise Server 12 SP2	`vorbis-tools >= 1.4.0-26.1` `vorbis-tools-lang >= 1.4.0-26.1`	Patchnames: SUSE Linux Enterprise Server 12 SP2 GA vorbis-tools-1.4.0-26.1
SUSE Linux Enterprise Server 12 SP3	`vorbis-tools >= 1.4.0-26.1` `vorbis-tools-lang >= 1.4.0-26.1`	Patchnames: SUSE Linux Enterprise Server 12 SP3 GA vorbis-tools-1.4.0-26.1
SUSE Linux Enterprise Server 12 SP4	`vorbis-tools >= 1.4.0-26.1` `vorbis-tools-lang >= 1.4.0-26.1`	Patchnames: SUSE Linux Enterprise Server 12 SP4 GA vorbis-tools-1.4.0-26.1
SUSE Linux Enterprise Server 12 SP5	`vorbis-tools >= 1.4.0-26.1` `vorbis-tools-lang >= 1.4.0-26.1`	Patchnames: SUSE Linux Enterprise Server 12 SP5 GA vorbis-tools-1.4.0-26.1
SUSE Linux Enterprise Server 12	`vorbis-tools >= 1.4.0-16.9` `vorbis-tools-lang >= 1.4.0-16.9`	Patchnames: SUSE Linux Enterprise Server 12 GA vorbis-tools-1.4.0-16.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2	`vorbis-tools >= 1.4.0-26.1` `vorbis-tools-lang >= 1.4.0-26.1`	Patchnames: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA vorbis-tools-1.4.0-26.1
openSUSE Tumbleweed	`gstreamer-plugins-good >= 1.18.5-2.1` `gstreamer-plugins-good-32bit >= 1.18.5-2.1` `gstreamer-plugins-good-extra >= 1.18.5-2.1` `gstreamer-plugins-good-extra-32bit >= 1.18.5-2.1` `gstreamer-plugins-good-gtk >= 1.18.5-2.1` `gstreamer-plugins-good-jack >= 1.18.5-2.1` `gstreamer-plugins-good-jack-32bit >= 1.18.5-2.1` `gstreamer-plugins-good-lang >= 1.18.5-2.1` `gstreamer-plugins-good-qtqml >= 1.18.5-2.1` `libSDL_sound-1_0-1 >= 1.0.3-94.20` `libSDL_sound-1_0-1-32bit >= 1.0.3-94.20` `libSDL_sound-devel >= 1.0.3-94.20` `libSDL_sound-devel-32bit >= 1.0.3-94.20` `vorbis-tools >= 1.4.2-1.6` `vorbis-tools-lang >= 1.4.2-1.6`	Patchnames: openSUSE-Tumbleweed-2024-10610 openSUSE-Tumbleweed-2024-10829 openSUSE-Tumbleweed-2024-11503