CVE-2008-1686 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-1686 Interim 1 10 2022-10-15T18:23:42Z current 2021-05-30T12:42:22Z 2022-10-15T18:23:42Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-1686 Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html E-Mail link for SUSE-SR:2008:012 https://lists.opensuse.org/opensuse-security-announce/2008-06/msg00004.html E-Mail link for SUSE-SR:2008:013 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 openSUSE Tumbleweed gstreamer-0_10-plugins-good-0.10.17-1.1.126 gstreamer-0_10-plugins-good-0.10.30-5.12.15 gstreamer-0_10-plugins-good-0.10.30-5.8.11 gstreamer-0_10-plugins-good-doc-0.10.17-1.1.126 gstreamer-0_10-plugins-good-doc-0.10.30-5.12.15 gstreamer-0_10-plugins-good-doc-0.10.30-5.8.11 gstreamer-0_10-plugins-good-lang-0.10.17-1.1.126 gstreamer-0_10-plugins-good-lang-0.10.30-5.12.15 gstreamer-0_10-plugins-good-lang-0.10.30-5.8.11 gstreamer-plugins-good-1.18.5-2.1 gstreamer-plugins-good-32bit-1.18.5-2.1 gstreamer-plugins-good-extra-1.18.5-2.1 gstreamer-plugins-good-extra-32bit-1.18.5-2.1 gstreamer-plugins-good-gtk-1.18.5-2.1 gstreamer-plugins-good-jack-1.18.5-2.1 gstreamer-plugins-good-jack-32bit-1.18.5-2.1 gstreamer-plugins-good-lang-1.18.5-2.1 gstreamer-plugins-good-qtqml-1.18.5-2.1 libSDL_sound-1_0-1-1.0.3-94.20 libSDL_sound-1_0-1-32bit-1.0.3-94.20 libSDL_sound-devel-1.0.3-94.20 libSDL_sound-devel-32bit-1.0.3-94.20 libxine-devel-1.1.15-23.3.9 libxine1-1.1.15-23.3.9 libxine1-32bit-1.1.15-23.3.9 libxine1-gnome-vfs-1.1.15-23.3.9 libxine1-pulse-1.1.15-23.3.9 vorbis-tools-1.4.0-16.9 vorbis-tools-1.4.0-26.1 vorbis-tools-1.4.2-1.6 vorbis-tools-lang-1.4.0-16.9 vorbis-tools-lang-1.4.0-26.1 vorbis-tools-lang-1.4.2-1.6 vorbis-tools-1.4.0-16.9 as a component of SUSE Linux Enterprise Desktop 12 vorbis-tools-lang-1.4.0-16.9 as a component of SUSE Linux Enterprise Desktop 12 vorbis-tools-1.4.0-26.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 vorbis-tools-lang-1.4.0-26.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 vorbis-tools-1.4.0-26.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 vorbis-tools-lang-1.4.0-26.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 vorbis-tools-1.4.0-26.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 vorbis-tools-lang-1.4.0-26.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 vorbis-tools-1.4.0-26.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 vorbis-tools-lang-1.4.0-26.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 vorbis-tools-1.4.0-26.1 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 vorbis-tools-lang-1.4.0-26.1 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 gstreamer-0_10-plugins-good-0.10.17-1.1.126 as a component of SUSE Linux Enterprise Server 11 SP1 gstreamer-0_10-plugins-good-doc-0.10.17-1.1.126 as a component of SUSE Linux Enterprise Server 11 SP1 gstreamer-0_10-plugins-good-lang-0.10.17-1.1.126 as a component of SUSE Linux Enterprise Server 11 SP1 gstreamer-0_10-plugins-good-0.10.30-5.8.11 as a component of SUSE Linux Enterprise Server 11 SP2 gstreamer-0_10-plugins-good-doc-0.10.30-5.8.11 as a component of SUSE Linux Enterprise Server 11 SP2 gstreamer-0_10-plugins-good-lang-0.10.30-5.8.11 as a component of SUSE Linux Enterprise Server 11 SP2 gstreamer-0_10-plugins-good-0.10.30-5.8.11 as a component of SUSE Linux Enterprise Server 11 SP3 gstreamer-0_10-plugins-good-doc-0.10.30-5.8.11 as a component of SUSE Linux Enterprise Server 11 SP3 gstreamer-0_10-plugins-good-lang-0.10.30-5.8.11 as a component of SUSE Linux Enterprise Server 11 SP3 gstreamer-0_10-plugins-good-0.10.30-5.12.15 as a component of SUSE Linux Enterprise Server 11 SP4 gstreamer-0_10-plugins-good-doc-0.10.30-5.12.15 as a component of SUSE Linux Enterprise Server 11 SP4 gstreamer-0_10-plugins-good-lang-0.10.30-5.12.15 as a component of SUSE Linux Enterprise Server 11 SP4 vorbis-tools-1.4.0-16.9 as a component of SUSE Linux Enterprise Server 12 vorbis-tools-lang-1.4.0-16.9 as a component of SUSE Linux Enterprise Server 12 vorbis-tools-1.4.0-26.1 as a component of SUSE Linux Enterprise Server 12 SP1 vorbis-tools-lang-1.4.0-26.1 as a component of SUSE Linux Enterprise Server 12 SP1 vorbis-tools-1.4.0-26.1 as a component of SUSE Linux Enterprise Server 12 SP2 vorbis-tools-lang-1.4.0-26.1 as a component of SUSE Linux Enterprise Server 12 SP2 vorbis-tools-1.4.0-26.1 as a component of SUSE Linux Enterprise Server 12 SP3 vorbis-tools-lang-1.4.0-26.1 as a component of SUSE Linux Enterprise Server 12 SP3 vorbis-tools-1.4.0-26.1 as a component of SUSE Linux Enterprise Server 12 SP4 vorbis-tools-lang-1.4.0-26.1 as a component of SUSE Linux Enterprise Server 12 SP4 vorbis-tools-1.4.0-26.1 as a component of SUSE Linux Enterprise Server 12 SP5 vorbis-tools-lang-1.4.0-26.1 as a component of SUSE Linux Enterprise Server 12 SP5 vorbis-tools-1.4.0-26.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 vorbis-tools-lang-1.4.0-26.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libxine-devel-1.1.15-23.3.9 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libxine1-1.1.15-23.3.9 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libxine1-32bit-1.1.15-23.3.9 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libxine1-gnome-vfs-1.1.15-23.3.9 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libxine1-pulse-1.1.15-23.3.9 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 gstreamer-plugins-good-1.18.5-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-32bit-1.18.5-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-extra-1.18.5-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-extra-32bit-1.18.5-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-gtk-1.18.5-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-jack-1.18.5-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-jack-32bit-1.18.5-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-lang-1.18.5-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-qtqml-1.18.5-2.1 as a component of openSUSE Tumbleweed libSDL_sound-1_0-1-1.0.3-94.20 as a component of openSUSE Tumbleweed libSDL_sound-1_0-1-32bit-1.0.3-94.20 as a component of openSUSE Tumbleweed libSDL_sound-devel-1.0.3-94.20 as a component of openSUSE Tumbleweed libSDL_sound-devel-32bit-1.0.3-94.20 as a component of openSUSE Tumbleweed vorbis-tools-1.4.2-1.6 as a component of openSUSE Tumbleweed vorbis-tools-lang-1.4.2-1.6 as a component of openSUSE Tumbleweed Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. CVE-2008-1686 SUSE Linux Enterprise Desktop 12:vorbis-tools-1.4.0-16.9 SUSE Linux Enterprise Desktop 12:vorbis-tools-lang-1.4.0-16.9 SUSE Linux Enterprise Desktop 12 SP1:vorbis-tools-1.4.0-26.1 SUSE Linux Enterprise Desktop 12 SP1:vorbis-tools-lang-1.4.0-26.1 SUSE Linux Enterprise Desktop 12 SP2:vorbis-tools-1.4.0-26.1 SUSE Linux Enterprise Desktop 12 SP2:vorbis-tools-lang-1.4.0-26.1 SUSE Linux Enterprise Desktop 12 SP3:vorbis-tools-1.4.0-26.1 SUSE Linux Enterprise Desktop 12 SP3:vorbis-tools-lang-1.4.0-26.1 SUSE Linux Enterprise Desktop 12 SP4:vorbis-tools-1.4.0-26.1 SUSE Linux Enterprise Desktop 12 SP4:vorbis-tools-lang-1.4.0-26.1 SUSE Linux Enterprise High Performance Computing 12 SP5:vorbis-tools-1.4.0-26.1 SUSE Linux Enterprise High Performance Computing 12 SP5:vorbis-tools-lang-1.4.0-26.1 SUSE Linux Enterprise Server 11 SP1:gstreamer-0_10-plugins-good-0.10.17-1.1.126 SUSE Linux Enterprise Server 11 SP1:gstreamer-0_10-plugins-good-doc-0.10.17-1.1.126 SUSE Linux Enterprise Server 11 SP1:gstreamer-0_10-plugins-good-lang-0.10.17-1.1.126 SUSE Linux Enterprise Server 11 SP2:gstreamer-0_10-plugins-good-0.10.30-5.8.11 SUSE Linux Enterprise Server 11 SP2:gstreamer-0_10-plugins-good-doc-0.10.30-5.8.11 SUSE Linux Enterprise Server 11 SP2:gstreamer-0_10-plugins-good-lang-0.10.30-5.8.11 SUSE Linux Enterprise Server 11 SP3:gstreamer-0_10-plugins-good-0.10.30-5.8.11 SUSE Linux Enterprise Server 11 SP3:gstreamer-0_10-plugins-good-doc-0.10.30-5.8.11 SUSE Linux Enterprise Server 11 SP3:gstreamer-0_10-plugins-good-lang-0.10.30-5.8.11 SUSE Linux Enterprise Server 11 SP4:gstreamer-0_10-plugins-good-0.10.30-5.12.15 SUSE Linux Enterprise Server 11 SP4:gstreamer-0_10-plugins-good-doc-0.10.30-5.12.15 SUSE Linux Enterprise Server 11 SP4:gstreamer-0_10-plugins-good-lang-0.10.30-5.12.15 SUSE Linux Enterprise Server 12:vorbis-tools-1.4.0-16.9 SUSE Linux Enterprise Server 12:vorbis-tools-lang-1.4.0-16.9 SUSE Linux Enterprise Server 12 SP1:vorbis-tools-1.4.0-26.1 SUSE Linux Enterprise Server 12 SP1:vorbis-tools-lang-1.4.0-26.1 SUSE Linux Enterprise Server 12 SP2:vorbis-tools-1.4.0-26.1 SUSE Linux Enterprise Server 12 SP2:vorbis-tools-lang-1.4.0-26.1 SUSE Linux Enterprise Server 12 SP3:vorbis-tools-1.4.0-26.1 SUSE Linux Enterprise Server 12 SP3:vorbis-tools-lang-1.4.0-26.1 SUSE Linux Enterprise Server 12 SP4:vorbis-tools-1.4.0-26.1 SUSE Linux Enterprise Server 12 SP4:vorbis-tools-lang-1.4.0-26.1 SUSE Linux Enterprise Server 12 SP5:vorbis-tools-1.4.0-26.1 SUSE Linux Enterprise Server 12 SP5:vorbis-tools-lang-1.4.0-26.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:vorbis-tools-1.4.0-26.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:vorbis-tools-lang-1.4.0-26.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libxine-devel-1.1.15-23.3.9 SUSE Linux Enterprise Software Development Kit 11 SP4:libxine1-1.1.15-23.3.9 SUSE Linux Enterprise Software Development Kit 11 SP4:libxine1-32bit-1.1.15-23.3.9 SUSE Linux Enterprise Software Development Kit 11 SP4:libxine1-gnome-vfs-1.1.15-23.3.9 SUSE Linux Enterprise Software Development Kit 11 SP4:libxine1-pulse-1.1.15-23.3.9 openSUSE Tumbleweed:gstreamer-plugins-good-1.18.5-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.18.5-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.18.5-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.18.5-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.18.5-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.18.5-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.18.5-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.18.5-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.18.5-2.1 openSUSE Tumbleweed:libSDL_sound-1_0-1-1.0.3-94.20 openSUSE Tumbleweed:libSDL_sound-1_0-1-32bit-1.0.3-94.20 openSUSE Tumbleweed:libSDL_sound-devel-1.0.3-94.20 openSUSE Tumbleweed:libSDL_sound-devel-32bit-1.0.3-94.20 openSUSE Tumbleweed:vorbis-tools-1.4.2-1.6 openSUSE Tumbleweed:vorbis-tools-lang-1.4.2-1.6 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C