CVE-2008-1686

N/A Unknown
Published: April 08, 2008 Modified: April 23, 2026
View on NVD

Description

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://blog.kfish.org/2008/04/release-libfishsound-091.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
Source: cve@mitre.org
http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html
Source: cve@mitre.org
http://secunia.com/advisories/29672
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/29727
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/29835
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/29845
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/29854
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/29866
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/29878
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/29880
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/29881
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/29882
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/29898
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/30104
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/30117
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/30119
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/30337
Source: cve@mitre.org
http://secunia.com/advisories/30353
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/30358
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/30581
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/30717
Source: cve@mitre.org
http://secunia.com/advisories/31393
Source: cve@mitre.org
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200804-17.xml
Source: cve@mitre.org
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836
Source: cve@mitre.org
http://sourceforge.net/project/shownotes.php?release_id=592185
Source: cve@mitre.org
http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
Source: cve@mitre.org
http://www.debian.org/security/2008/dsa-1584
Source: cve@mitre.org
Patch
http://www.debian.org/security/2008/dsa-1585
Source: cve@mitre.org
Patch
http://www.debian.org/security/2008/dsa-1586
Source: cve@mitre.org
http://www.mandriva.com/security/advisories?name=MDVSA-2008:092
Source: cve@mitre.org
http://www.mandriva.com/security/advisories?name=MDVSA-2008:093
Source: cve@mitre.org
http://www.mandriva.com/security/advisories?name=MDVSA-2008:094
Source: cve@mitre.org
http://www.mandriva.com/security/advisories?name=MDVSA-2008:124
Source: cve@mitre.org
http://www.metadecks.org/software/sweep/news.html
Source: cve@mitre.org
http://www.novell.com/linux/security/advisories/2008_13_sr.html
Source: cve@mitre.org
http://www.ocert.org/advisories/ocert-2008-004.html
Source: cve@mitre.org
http://www.ocert.org/advisories/ocert-2008-2.html
Source: cve@mitre.org
http://www.redhat.com/support/errata/RHSA-2008-0235.html
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/491009/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/bid/28665
Source: cve@mitre.org
Patch
http://www.securitytracker.com/id?1019875
Source: cve@mitre.org
http://www.ubuntu.com/usn/usn-611-1
Source: cve@mitre.org
http://www.ubuntu.com/usn/usn-611-2
Source: cve@mitre.org
http://www.ubuntu.com/usn/usn-611-3
Source: cve@mitre.org
http://www.ubuntu.com/usn/usn-635-1
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2008/1187/references
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2008/1228/references
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2008/1268/references
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2008/1269/references
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2008/1300/references
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2008/1301/references
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2008/1302/references
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/41684
Source: cve@mitre.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026
Source: cve@mitre.org
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html
Source: cve@mitre.org
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html
Source: cve@mitre.org
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html
Source: cve@mitre.org
http://blog.kfish.org/2008/04/release-libfishsound-091.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/29672
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29727
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29835
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29845
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29854
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29866
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29878
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29880
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29881
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29882
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29898
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/30104
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/30117
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/30119
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/30337
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/30353
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/30358
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/30581
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/30717
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/31393
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200804-17.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836
Source: af854a3a-2127-422b-91ae-364da2661108
http://sourceforge.net/project/shownotes.php?release_id=592185
Source: af854a3a-2127-422b-91ae-364da2661108
http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1584
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.debian.org/security/2008/dsa-1585
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.debian.org/security/2008/dsa-1586
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2008:092
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2008:093
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2008:094
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2008:124
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.metadecks.org/software/sweep/news.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.novell.com/linux/security/advisories/2008_13_sr.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ocert.org/advisories/ocert-2008-004.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ocert.org/advisories/ocert-2008-2.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2008-0235.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/491009/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/28665
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securitytracker.com/id?1019875
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-611-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-611-2
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-611-3
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-635-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/1187/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/1228/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/1268/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/1269/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/1300/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/1301/references
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/1302/references
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/41684
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html
Source: af854a3a-2127-422b-91ae-364da2661108

116 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
5.2%
90th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-189

Affected Vendors

xiph xine

Related CVEs

CVE-2026-42615 7.2
CVE-2026-23773 4.3
CVE-2026-40560 N/A
CVE-2026-7363 N/A
CVE-2026-7361 N/A