2008-04-08 20:05:00 2018-10-11 22:36:20

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE
Xiph Speex 1.1.10 (not an official CPE) Xiph Speex 1.1.9 (not an official CPE) Xiph Speex 1.1.7 (not an official CPE) Xiph Speex 1.1.8 (not an official CPE) Xiph Speex 1.1.6 (not an official CPE) Xiph Speex 1.1.5 (not an official CPE) Xiph Speex 1.1.4 (not an official CPE) Xiph Speex 1.1.3 (not an official CPE) Xiph Speex 1.1.2 (not an official CPE) Xiph Speex 1.1.1 (not an official CPE) Xiph Speex 1.0.5 (not an official CPE) Xiph Speex 1.0.4 (not an official CPE) Xiph Speex 1.0.3 (not an official CPE) Xiph Speex 1.0.2 (not an official CPE) Xiph Libfishsound 0.9.0 (not an official CPE) Xiph Libfishsound 0.8.1 (not an official CPE) Xiph Libfishsound 0.8.0 (not an official CPE) Xiph Libfishsound 0.7.0 (not an official CPE) Xiph Libfishsound 0.6.3 (not an official CPE) Xiph Libfishsound 0.6.2 (not an official CPE) Xiph Libfishsound 0.6.1 (not an official CPE) Xiph Libfishsound 0.6.0 (not an official CPE) Xiph Libfishsound 0.5.42 (not an official CPE) Xiph Libfishsound 0.5.41 (not an official CPE) Xine Xine-lib 1.1.11.1 (not an official CPE) Xine Xine-lib 1.1.11 (not an official CPE) Xine Xine-lib 1.1.10.1 (not an official CPE) Xine Xine-lib 1.1.10 (not an official CPE) Xine Xine-lib 1.1.1 (not an official CPE) Xine Xine-lib 1.1.0 (not an official CPE) Xine Xine-lib 1.0.3a (not an official CPE) Xine Xine-lib 1.0.2 (not an official CPE) Xine Xine-lib 1.0.1 (not an official CPE) Xine Xine-lib 1.0 (not an official CPE) Xiph Speex 1.1.11 (not an official CPE) Xine Xine-lib 0.99 (not an official CPE) Xine Xine-lib 0.9.13 (not an official CPE) Xine Xine-lib 0.9.8 (not an official CPE) Xiph Speex 1.1.11.1 (not an official CPE) Xiph Speex 1.1.12 (not an official CPE)