NVD

CVE-2008-1686 Detail

Deferred

This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.

Current Description

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

View Analysis Description

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 9.3 HIGH

Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
http://blog.kfish.org/2008/04/release-libfishsound-091.html
http://blog.kfish.org/2008/04/release-libfishsound-091.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html
http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html
http://secunia.com/advisories/29672	Vendor Advisory
http://secunia.com/advisories/29672	Vendor Advisory
http://secunia.com/advisories/29727	Vendor Advisory
http://secunia.com/advisories/29727	Vendor Advisory
http://secunia.com/advisories/29835	Vendor Advisory
http://secunia.com/advisories/29835	Vendor Advisory
http://secunia.com/advisories/29845	Vendor Advisory
http://secunia.com/advisories/29845	Vendor Advisory
http://secunia.com/advisories/29854	Vendor Advisory
http://secunia.com/advisories/29854	Vendor Advisory
http://secunia.com/advisories/29866	Vendor Advisory
http://secunia.com/advisories/29866	Vendor Advisory
http://secunia.com/advisories/29878	Vendor Advisory
http://secunia.com/advisories/29878	Vendor Advisory
http://secunia.com/advisories/29880	Vendor Advisory
http://secunia.com/advisories/29880	Vendor Advisory
http://secunia.com/advisories/29881	Vendor Advisory
http://secunia.com/advisories/29881	Vendor Advisory
http://secunia.com/advisories/29882	Vendor Advisory
http://secunia.com/advisories/29882	Vendor Advisory
http://secunia.com/advisories/29898	Vendor Advisory
http://secunia.com/advisories/29898	Vendor Advisory
http://secunia.com/advisories/30104	Vendor Advisory
http://secunia.com/advisories/30104	Vendor Advisory
http://secunia.com/advisories/30117	Vendor Advisory
http://secunia.com/advisories/30117	Vendor Advisory
http://secunia.com/advisories/30119	Vendor Advisory
http://secunia.com/advisories/30119	Vendor Advisory
http://secunia.com/advisories/30337
http://secunia.com/advisories/30337
http://secunia.com/advisories/30353	Vendor Advisory
http://secunia.com/advisories/30353	Vendor Advisory
http://secunia.com/advisories/30358	Vendor Advisory
http://secunia.com/advisories/30358	Vendor Advisory
http://secunia.com/advisories/30581	Vendor Advisory
http://secunia.com/advisories/30581	Vendor Advisory
http://secunia.com/advisories/30717
http://secunia.com/advisories/30717
http://secunia.com/advisories/31393	Vendor Advisory
http://secunia.com/advisories/31393	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200804-17.xml
http://security.gentoo.org/glsa/glsa-200804-17.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836
http://sourceforge.net/project/shownotes.php?release_id=592185
http://sourceforge.net/project/shownotes.php?release_id=592185
http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
http://www.debian.org/security/2008/dsa-1584	Patch
http://www.debian.org/security/2008/dsa-1584	Patch
http://www.debian.org/security/2008/dsa-1585	Patch
http://www.debian.org/security/2008/dsa-1585	Patch
http://www.debian.org/security/2008/dsa-1586
http://www.debian.org/security/2008/dsa-1586
http://www.mandriva.com/security/advisories?name=MDVSA-2008:092
http://www.mandriva.com/security/advisories?name=MDVSA-2008:092
http://www.mandriva.com/security/advisories?name=MDVSA-2008:093
http://www.mandriva.com/security/advisories?name=MDVSA-2008:093
http://www.mandriva.com/security/advisories?name=MDVSA-2008:094
http://www.mandriva.com/security/advisories?name=MDVSA-2008:094
http://www.mandriva.com/security/advisories?name=MDVSA-2008:124
http://www.mandriva.com/security/advisories?name=MDVSA-2008:124
http://www.metadecks.org/software/sweep/news.html
http://www.metadecks.org/software/sweep/news.html
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://www.ocert.org/advisories/ocert-2008-004.html
http://www.ocert.org/advisories/ocert-2008-004.html
http://www.ocert.org/advisories/ocert-2008-2.html
http://www.ocert.org/advisories/ocert-2008-2.html
http://www.redhat.com/support/errata/RHSA-2008-0235.html
http://www.redhat.com/support/errata/RHSA-2008-0235.html
http://www.securityfocus.com/archive/1/491009/100/0/threaded
http://www.securityfocus.com/archive/1/491009/100/0/threaded
http://www.securityfocus.com/bid/28665	Patch
http://www.securityfocus.com/bid/28665	Patch
http://www.securitytracker.com/id?1019875
http://www.securitytracker.com/id?1019875
http://www.ubuntu.com/usn/usn-611-1
http://www.ubuntu.com/usn/usn-611-1
http://www.ubuntu.com/usn/usn-611-2
http://www.ubuntu.com/usn/usn-611-2
http://www.ubuntu.com/usn/usn-611-3
http://www.ubuntu.com/usn/usn-611-3
http://www.ubuntu.com/usn/usn-635-1
http://www.ubuntu.com/usn/usn-635-1
http://www.vupen.com/english/advisories/2008/1187/references
http://www.vupen.com/english/advisories/2008/1187/references
http://www.vupen.com/english/advisories/2008/1228/references
http://www.vupen.com/english/advisories/2008/1228/references
http://www.vupen.com/english/advisories/2008/1268/references
http://www.vupen.com/english/advisories/2008/1268/references
http://www.vupen.com/english/advisories/2008/1269/references
http://www.vupen.com/english/advisories/2008/1269/references
http://www.vupen.com/english/advisories/2008/1300/references
http://www.vupen.com/english/advisories/2008/1300/references
http://www.vupen.com/english/advisories/2008/1301/references
http://www.vupen.com/english/advisories/2008/1301/references
http://www.vupen.com/english/advisories/2008/1302/references
http://www.vupen.com/english/advisories/2008/1302/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41684
https://exchange.xforce.ibmcloud.com/vulnerabilities/41684
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-189	Numeric Errors	NIST

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )

cpe:2.3:a:xine:xine-lib:0.9.8:::::::* Show Matching CPE(s)
cpe:2.3:a:xine:xine-lib:0.9.13:::::::* Show Matching CPE(s)
cpe:2.3:a:xine:xine-lib:0.99:::::::* Show Matching CPE(s)
cpe:2.3:a:xine:xine-lib:1.0:::::::* Show Matching CPE(s)
cpe:2.3:a:xine:xine-lib:1.0.1:::::::* Show Matching CPE(s)
cpe:2.3:a:xine:xine-lib:1.0.2:::::::* Show Matching CPE(s)
cpe:2.3:a:xine:xine-lib:1.0.3a:::::::* Show Matching CPE(s)
cpe:2.3:a:xine:xine-lib:1.1.0:::::::* Show Matching CPE(s)
cpe:2.3:a:xine:xine-lib:1.1.1:::::::* Show Matching CPE(s)
cpe:2.3:a:xine:xine-lib:1.1.10:::::::* Show Matching CPE(s)
cpe:2.3:a:xine:xine-lib:1.1.10.1:::::::* Show Matching CPE(s)
cpe:2.3:a:xine:xine-lib:1.1.11:::::::* Show Matching CPE(s)
cpe:2.3:a:xine:xine-lib:::::::: Show Matching CPE(s)	Up to (including) 1.1.11.1

Configuration 2 ( hide )

AND
OR

cpe:2.3:a:xiph:speex:1.0.2:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.0.3:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.0.4:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.0.5:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.1.1:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.1.2:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.1.3:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.1.4:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.1.5:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.1.6:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.1.7:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.1.8:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.1.9:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.1.10:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.1.11:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:1.1.11.1:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:speex:::::::: Show Matching CPE(s)	Up to (including) 1.1.12

cpe:2.3:a:xiph:libfishsound:0.5.41:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:libfishsound:0.5.42:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:libfishsound:0.6.0:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:libfishsound:0.6.1:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:libfishsound:0.6.2:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:libfishsound:0.6.3:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:libfishsound:0.7.0:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:libfishsound:0.8.0:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:libfishsound:0.8.1:::::::* Show Matching CPE(s)
cpe:2.3:a:xiph:libfishsound:::::::: Show Matching CPE(s)	Up to (including) 0.9.0

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

6 change records found show changes

CVE Modified by CVE 11/20/2024 7:45:05 PM

Action	Type	New Value
Added	Reference	http://blog.kfish.org/2008/04/release-libfishsound-091.html
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
Added	Reference	http://lists.xiph.org/pipermail/speex-dev/2008-April/006636.html
Added	Reference	http://secunia.com/advisories/29672
Added	Reference	http://secunia.com/advisories/29727
Added	Reference	http://secunia.com/advisories/29835
Added	Reference	http://secunia.com/advisories/29845
Added	Reference	http://secunia.com/advisories/29854
Added	Reference	http://secunia.com/advisories/29866
Added	Reference	http://secunia.com/advisories/29878
Added	Reference	http://secunia.com/advisories/29880
Added	Reference	http://secunia.com/advisories/29881
Added	Reference	http://secunia.com/advisories/29882
Added	Reference	http://secunia.com/advisories/29898
Added	Reference	http://secunia.com/advisories/30104
Added	Reference	http://secunia.com/advisories/30117
Added	Reference	http://secunia.com/advisories/30119
Added	Reference	http://secunia.com/advisories/30337
Added	Reference	http://secunia.com/advisories/30353
Added	Reference	http://secunia.com/advisories/30358
Added	Reference	http://secunia.com/advisories/30581
Added	Reference	http://secunia.com/advisories/30717
Added	Reference	http://secunia.com/advisories/31393
Added	Reference	http://security.gentoo.org/glsa/glsa-200804-17.xml
Added	Reference	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.460836
Added	Reference	http://sourceforge.net/project/shownotes.php?release_id=592185
Added	Reference	http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
Added	Reference	http://www.debian.org/security/2008/dsa-1584
Added	Reference	http://www.debian.org/security/2008/dsa-1585
Added	Reference	http://www.debian.org/security/2008/dsa-1586
Added	Reference	http://www.mandriva.com/security/advisories?name=MDVSA-2008:092
Added	Reference	http://www.mandriva.com/security/advisories?name=MDVSA-2008:093
Added	Reference	http://www.mandriva.com/security/advisories?name=MDVSA-2008:094
Added	Reference	http://www.mandriva.com/security/advisories?name=MDVSA-2008:124
Added	Reference	http://www.metadecks.org/software/sweep/news.html
Added	Reference	http://www.novell.com/linux/security/advisories/2008_13_sr.html
Added	Reference	http://www.ocert.org/advisories/ocert-2008-004.html
Added	Reference	http://www.ocert.org/advisories/ocert-2008-2.html
Added	Reference	http://www.redhat.com/support/errata/RHSA-2008-0235.html
Added	Reference	http://www.securityfocus.com/archive/1/491009/100/0/threaded
Added	Reference	http://www.securityfocus.com/bid/28665
Added	Reference	http://www.securitytracker.com/id?1019875
Added	Reference	http://www.ubuntu.com/usn/usn-611-1
Added	Reference	http://www.ubuntu.com/usn/usn-611-2
Added	Reference	http://www.ubuntu.com/usn/usn-611-3
Added	Reference	http://www.ubuntu.com/usn/usn-635-1
Added	Reference	http://www.vupen.com/english/advisories/2008/1187/references
Added	Reference	http://www.vupen.com/english/advisories/2008/1228/references
Added	Reference	http://www.vupen.com/english/advisories/2008/1268/references
Added	Reference	http://www.vupen.com/english/advisories/2008/1269/references
Added	Reference	http://www.vupen.com/english/advisories/2008/1300/references
Added	Reference	http://www.vupen.com/english/advisories/2008/1301/references
Added	Reference	http://www.vupen.com/english/advisories/2008/1302/references
Added	Reference	https://exchange.xforce.ibmcloud.com/vulnerabilities/41684
Added	Reference	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10026
Added	Reference	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00244.html
Added	Reference	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00287.html
Added	Reference	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00357.html

Quick Info

CVE Dictionary Entry:
CVE-2008-1686
NVD Published Date:
04/08/2008
NVD Last Modified:
04/08/2025
Source:
MITRE

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2008-1686 Detail

Current Description

Analysis Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/20/2024 7:45:05 PM

CVE Modified by MITRE 5/13/2024 9:51:55 PM

CVE Modified by MITRE 10/11/2018 4:36:20 PM

CVE Modified by MITRE 9/28/2017 9:30:49 PM

CVE Modified by MITRE 8/07/2017 9:30:22 PM

Initial CVE Analysis 4/08/2008 2:43:00 PM

Quick Info