Upstream information

CVE-2008-1686 at MITRE

Description

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 9.3
Vector AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entries: 377602 [RESOLVED / FIXED], 379098 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • vorbis-tools >= 1.4.0-16.9
  • vorbis-tools-lang >= 1.4.0-16.9
Patchnames:
SUSE Linux Enterprise Desktop 12 GA vorbis-tools
SUSE Linux Enterprise Desktop 12 SP1
  • vorbis-tools >= 1.4.0-26.1
  • vorbis-tools-lang >= 1.4.0-26.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA vorbis-tools
SUSE Linux Enterprise Desktop 12 SP2
  • vorbis-tools >= 1.4.0-26.1
  • vorbis-tools-lang >= 1.4.0-26.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA vorbis-tools
SUSE Linux Enterprise Desktop 12 SP3
  • vorbis-tools >= 1.4.0-26.1
  • vorbis-tools-lang >= 1.4.0-26.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA vorbis-tools
SUSE Linux Enterprise Server 11 SP1
  • gstreamer-0_10-plugins-good >= 0.10.17-1.1.126
  • gstreamer-0_10-plugins-good-doc >= 0.10.17-1.1.126
  • gstreamer-0_10-plugins-good-lang >= 0.10.17-1.1.126
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA gstreamer-0_10-plugins-good
SUSE Linux Enterprise Server 11 SP2
  • gstreamer-0_10-plugins-good >= 0.10.30-5.8.11
  • gstreamer-0_10-plugins-good-doc >= 0.10.30-5.8.11
  • gstreamer-0_10-plugins-good-lang >= 0.10.30-5.8.11
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA gstreamer-0_10-plugins-good
SUSE Linux Enterprise Server 11 SP3
  • gstreamer-0_10-plugins-good >= 0.10.30-5.8.11
  • gstreamer-0_10-plugins-good-doc >= 0.10.30-5.8.11
  • gstreamer-0_10-plugins-good-lang >= 0.10.30-5.8.11
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA gstreamer-0_10-plugins-good
SUSE Linux Enterprise Server 11 SP4
  • gstreamer-0_10-plugins-good >= 0.10.30-5.12.15
  • gstreamer-0_10-plugins-good-doc >= 0.10.30-5.12.15
  • gstreamer-0_10-plugins-good-lang >= 0.10.30-5.12.15
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA gstreamer-0_10-plugins-good
SUSE Linux Enterprise Server 12
  • vorbis-tools >= 1.4.0-16.9
  • vorbis-tools-lang >= 1.4.0-16.9
Patchnames:
SUSE Linux Enterprise Server 12 GA vorbis-tools
SUSE Linux Enterprise Server 12 SP1
  • vorbis-tools >= 1.4.0-26.1
  • vorbis-tools-lang >= 1.4.0-26.1
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA vorbis-tools
SUSE Linux Enterprise Server 12 SP2
  • vorbis-tools >= 1.4.0-26.1
  • vorbis-tools-lang >= 1.4.0-26.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA vorbis-tools
SUSE Linux Enterprise Server 12 SP3
  • vorbis-tools >= 1.4.0-26.1
  • vorbis-tools-lang >= 1.4.0-26.1
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA vorbis-tools
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • vorbis-tools >= 1.4.0-26.1
  • vorbis-tools-lang >= 1.4.0-26.1
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA vorbis-tools
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libxine-devel >= 1.1.15-23.3.9
  • libxine1 >= 1.1.15-23.3.9
  • libxine1-32bit >= 1.1.15-23.3.9
  • libxine1-gnome-vfs >= 1.1.15-23.3.9
  • libxine1-pulse >= 1.1.15-23.3.9
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libxine-devel
SUSE Linux Enterprise SDK 10 SP2
  • speex >= 1.0.5-14.9
  • speex-devel >= 1.0.5-14.9
sles9-nld.x86
core9.x86-64
sle10-sp1-sdk.ia64
sle10-sp2-sdk.x86
sle10-sp2-sdk.x86-64
sles9-nld.x86-64
sle10-sp1-sdk.x86
sled10-sp2.x86
core9.x86
core9.s390x
sle10-sp2-sdk.ia64
sles9-nld.x86-64
core9.ia64
core9.s390
sled10.x86
sled10-sp2.x86-64
core9.ppc
sle10-sp1-sdk.x86-64
sled10.x86-64
sle10-sp2-sdk.s390x
sle10-sp1-sdk.s390x
sles9-nld.x86
sle10-sp2-sdk.ppc
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5364
SUSE Linux Enterprise SDK 10 SP2
  • speex >= 1.0.5-14.9
  • speex-devel >= 1.0.5-14.9
  • speex-x86 >= 1.0.5-14.9
sles9-nld.x86
core9.x86-64
sle10-sp1-sdk.ia64
sle10-sp2-sdk.x86
sle10-sp2-sdk.x86-64
sles9-nld.x86-64
sle10-sp1-sdk.x86
sled10-sp2.x86
core9.x86
core9.s390x
sle10-sp2-sdk.ia64
sles9-nld.x86-64
core9.ia64
core9.s390
sled10.x86
sled10-sp2.x86-64
core9.ppc
sle10-sp1-sdk.x86-64
sled10.x86-64
sle10-sp2-sdk.s390x
sle10-sp1-sdk.s390x
sles9-nld.x86
sle10-sp2-sdk.ppc
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5364
SUSE Linux Enterprise SDK 10 SP2
  • speex >= 1.0.5-14.9
  • speex-64bit >= 1.0.5-14.9
  • speex-devel >= 1.0.5-14.9
sles9-nld.x86
core9.x86-64
sle10-sp1-sdk.ia64
sle10-sp2-sdk.x86
sle10-sp2-sdk.x86-64
sles9-nld.x86-64
sle10-sp1-sdk.x86
sled10-sp2.x86
core9.x86
core9.s390x
sle10-sp2-sdk.ia64
sles9-nld.x86-64
core9.ia64
core9.s390
sled10.x86
sled10-sp2.x86-64
core9.ppc
sle10-sp1-sdk.x86-64
sled10.x86-64
sle10-sp2-sdk.s390x
sle10-sp1-sdk.s390x
sles9-nld.x86
sle10-sp2-sdk.ppc
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5364
SUSE Linux Enterprise SDK 10 SP2
  • speex >= 1.0.5-14.9
  • speex-32bit >= 1.0.5-14.9
  • speex-devel >= 1.0.5-14.9
sles9-nld.x86
core9.x86-64
sle10-sp1-sdk.ia64
sle10-sp2-sdk.x86
sle10-sp2-sdk.x86-64
sles9-nld.x86-64
sle10-sp1-sdk.x86
sled10-sp2.x86
core9.x86
core9.s390x
sle10-sp2-sdk.ia64
sles9-nld.x86-64
core9.ia64
core9.s390
sled10.x86
sled10-sp2.x86-64
core9.ppc
sle10-sp1-sdk.x86-64
sled10.x86-64
sle10-sp2-sdk.s390x
sle10-sp1-sdk.s390x
sles9-nld.x86
sle10-sp2-sdk.ppc
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5364
Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
SLES SDK 9 for IBM S/390 and IBM zSeries
SLES SDK 9 for x86
  • speex >= 1.0.3-54.6
  • speex-devel >= 1.0.3-54.6
sles9-nld.x86
core9.x86-64
sle10-sp1-sdk.ia64
sle10-sp2-sdk.x86
sle10-sp2-sdk.x86-64
sles9-nld.x86-64
sle10-sp1-sdk.x86
sled10-sp2.x86
core9.x86
core9.s390x
sle10-sp2-sdk.ia64
sles9-nld.x86-64
core9.ia64
core9.s390
sled10.x86
sled10-sp2.x86-64
core9.ppc
sle10-sp1-sdk.x86-64
sled10.x86-64
sle10-sp2-sdk.s390x
sle10-sp1-sdk.s390x
sles9-nld.x86
sle10-sp2-sdk.ppc
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5364
Novell Linux Desktop 9 for x86
  • speex >= 1.0.3-54.6
sles9-nld.x86
core9.x86-64
sle10-sp1-sdk.ia64
sle10-sp2-sdk.x86
sle10-sp2-sdk.x86-64
sles9-nld.x86-64
sle10-sp1-sdk.x86
sled10-sp2.x86
core9.x86
core9.s390x
sle10-sp2-sdk.ia64
sles9-nld.x86-64
core9.ia64
core9.s390
sled10.x86
sled10-sp2.x86-64
core9.ppc
sle10-sp1-sdk.x86-64
sled10.x86-64
sle10-sp2-sdk.s390x
sle10-sp1-sdk.s390x
sles9-nld.x86
sle10-sp2-sdk.ppc
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5364
Novell Linux Desktop 9 for x86_64
  • speex >= 1.0.3-54.6
  • speex-32bit >= 9-200806201343
sles9-nld.x86
core9.x86-64
sle10-sp1-sdk.ia64
sle10-sp2-sdk.x86
sle10-sp2-sdk.x86-64
sles9-nld.x86-64
sle10-sp1-sdk.x86
sled10-sp2.x86
core9.x86
core9.s390x
sle10-sp2-sdk.ia64
sles9-nld.x86-64
core9.ia64
core9.s390
sled10.x86
sled10-sp2.x86-64
core9.ppc
sle10-sp1-sdk.x86-64
sled10.x86-64
sle10-sp2-sdk.s390x
sle10-sp1-sdk.s390x
sles9-nld.x86
sle10-sp2-sdk.ppc
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5364
SLES SDK 9 for IPF
  • speex >= 1.0.3-54.6
  • speex-devel >= 1.0.3-54.6
  • speex-x86 >= 9-200806201343
sles9-nld.x86
core9.x86-64
sle10-sp1-sdk.ia64
sle10-sp2-sdk.x86
sle10-sp2-sdk.x86-64
sles9-nld.x86-64
sle10-sp1-sdk.x86
sled10-sp2.x86
core9.x86
core9.s390x
sle10-sp2-sdk.ia64
sles9-nld.x86-64
core9.ia64
core9.s390
sled10.x86
sled10-sp2.x86-64
core9.ppc
sle10-sp1-sdk.x86-64
sled10.x86-64
sle10-sp2-sdk.s390x
sle10-sp1-sdk.s390x
sles9-nld.x86
sle10-sp2-sdk.ppc
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5364
SLES SDK 9 for IBM iSeries and IBM pSeries
  • speex >= 1.0.3-54.6
  • speex-64bit >= 9-200806201333
  • speex-devel >= 1.0.3-54.6
sles9-nld.x86
core9.x86-64
sle10-sp1-sdk.ia64
sle10-sp2-sdk.x86
sle10-sp2-sdk.x86-64
sles9-nld.x86-64
sle10-sp1-sdk.x86
sled10-sp2.x86
core9.x86
core9.s390x
sle10-sp2-sdk.ia64
sles9-nld.x86-64
core9.ia64
core9.s390
sled10.x86
sled10-sp2.x86-64
core9.ppc
sle10-sp1-sdk.x86-64
sled10.x86-64
sle10-sp2-sdk.s390x
sle10-sp1-sdk.s390x
sles9-nld.x86
sle10-sp2-sdk.ppc
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5364
SLES SDK 9 for IBM zSeries
  • speex >= 1.0.3-54.6
  • speex-32bit >= 9-200806201334
  • speex-devel >= 1.0.3-54.6
sles9-nld.x86
core9.x86-64
sle10-sp1-sdk.ia64
sle10-sp2-sdk.x86
sle10-sp2-sdk.x86-64
sles9-nld.x86-64
sle10-sp1-sdk.x86
sled10-sp2.x86
core9.x86
core9.s390x
sle10-sp2-sdk.ia64
sles9-nld.x86-64
core9.ia64
core9.s390
sled10.x86
sled10-sp2.x86-64
core9.ppc
sle10-sp1-sdk.x86-64
sled10.x86-64
sle10-sp2-sdk.s390x
sle10-sp1-sdk.s390x
sles9-nld.x86
sle10-sp2-sdk.ppc
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5364
SLES SDK 9 for X86-64
  • speex >= 1.0.3-54.6
  • speex-32bit >= 9-200806201343
  • speex-devel >= 1.0.3-54.6
sles9-nld.x86
core9.x86-64
sle10-sp1-sdk.ia64
sle10-sp2-sdk.x86
sle10-sp2-sdk.x86-64
sles9-nld.x86-64
sle10-sp1-sdk.x86
sled10-sp2.x86
core9.x86
core9.s390x
sle10-sp2-sdk.ia64
sles9-nld.x86-64
core9.ia64
core9.s390
sled10.x86
sled10-sp2.x86-64
core9.ppc
sle10-sp1-sdk.x86-64
sled10.x86-64
sle10-sp2-sdk.s390x
sle10-sp1-sdk.s390x
sles9-nld.x86
sle10-sp2-sdk.ppc
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5364
SUSE LINUX 10.1
  • vorbis-tools >= 1.1.1-13.7
SUSE Linux Enterprise SDK 10 SP2
  • vorbis-tools >= 1.1.1-13.7
sled10-sp2.x86
sle10-sp2-sdk.s390x
sle10-sp2-sdk.ppc
sle10-sp2-sdk.ia64
sle10-sp2-sdk.x86
sle10-sp2-sdk.x86-64
sled10-sp2.x86-64
ZYPP Patch Nr: 5302
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • vorbis-tools >= 1.0.1-86.3
sles9-nld.x86
sle10-sp1-sdk.s390x
sle10-sp1-sdk.ia64
sle10-sp1-sdk.x86-64
sles9-nld.x86-64
sle10-sp1-sdk.x86
sle10-sp1-sdk.ppc
sled10.x86
sled10.x86-64
ZYPP Patch Nr: 5193
SUSE LINUX 10.1
  • gstreamer010-plugins-good >= 0.10.2-16.19.3
  • gstreamer010-plugins-good-doc >= 0.10.2-16.19.3
  • gstreamer010-plugins-good-extra >= 0.10.2-16.19.3
SUSE LINUX 10.1
  • xine-devel >= 1.1.1-24.39
  • xine-extra >= 1.1.1-24.39
  • xine-lib >= 1.1.1-24.39
  • xine-lib-32bit >= 1.1.1-24.39
  • xine-lib-64bit >= 1.1.1-24.39
  • xine-ui >= 0.99.4-32.35
SUSE Linux Enterprise SDK 10 SP2
  • xine-devel >= 1.1.1-24.40
  • xine-extra >= 1.1.1-24.40
  • xine-lib >= 1.1.1-24.40
  • xine-ui >= 0.99.4-32.36
ZYPP Patch Nr: 5304
SUSE Linux Enterprise SDK 10 SP2
  • xine-devel >= 1.1.1-24.40
  • xine-extra >= 1.1.1-24.40
  • xine-lib >= 1.1.1-24.40
  • xine-lib-x86 >= 1.1.1-24.40
  • xine-ui >= 0.99.4-32.36
ZYPP Patch Nr: 5304
SUSE Linux Enterprise SDK 10 SP2
  • xine-devel >= 1.1.1-24.40
  • xine-extra >= 1.1.1-24.40
  • xine-lib >= 1.1.1-24.40
  • xine-lib-64bit >= 1.1.1-24.40
  • xine-ui >= 0.99.4-32.36
ZYPP Patch Nr: 5304
SUSE Linux Enterprise SDK 10 SP2
  • xine-devel >= 1.1.1-24.40
  • xine-extra >= 1.1.1-24.40
  • xine-lib >= 1.1.1-24.40
  • xine-lib-32bit >= 1.1.1-24.40
  • xine-ui >= 0.99.4-32.36
ZYPP Patch Nr: 5304
Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
SLES SDK 9 for IBM S/390 and IBM zSeries
SLES SDK 9 for x86
  • xine-devel >= 0.99.rc3a-106.47
  • xine-extra >= 0.99.rc3a-106.47
  • xine-lib >= 0.99.rc3a-106.47
  • xine-ui >= 0.99.rc3a-106.47
core9.ppc
sle10-sp1-sdk.x86
sle10-sp1-sdk.ia64
sle10-sp1-sdk.s390x
core9.s390x
sles9-nld.x86-64
sle10-sp1-sdk.x86-64
core9.ia64
core9.x86-64
sles9-nld.x86
core9.x86
sles9-nld.x86
sled10.x86
sled10.x86-64
sles9-nld.x86-64
core9.s390
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5205
Novell Linux Desktop 9 for x86
  • xine-lib >= 0.99.rc3a-106.47
core9.ppc
sle10-sp1-sdk.x86
sle10-sp1-sdk.ia64
sle10-sp1-sdk.s390x
core9.s390x
sles9-nld.x86-64
sle10-sp1-sdk.x86-64
core9.ia64
core9.x86-64
sles9-nld.x86
core9.x86
sles9-nld.x86
sled10.x86
sled10.x86-64
sles9-nld.x86-64
core9.s390
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5205
Novell Linux Desktop 9 for x86_64
  • xine-lib >= 0.99.rc3a-106.47
  • xine-lib-32bit >= 9-200804211655
core9.ppc
sle10-sp1-sdk.x86
sle10-sp1-sdk.ia64
sle10-sp1-sdk.s390x
core9.s390x
sles9-nld.x86-64
sle10-sp1-sdk.x86-64
core9.ia64
core9.x86-64
sles9-nld.x86
core9.x86
sles9-nld.x86
sled10.x86
sled10.x86-64
sles9-nld.x86-64
core9.s390
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5205
SLES SDK 9 for IPF
  • xine-devel >= 0.99.rc3a-106.47
  • xine-extra >= 0.99.rc3a-106.47
  • xine-lib >= 0.99.rc3a-106.47
  • xine-lib-x86 >= 9-200804211655
  • xine-ui >= 0.99.rc3a-106.47
core9.ppc
sle10-sp1-sdk.x86
sle10-sp1-sdk.ia64
sle10-sp1-sdk.s390x
core9.s390x
sles9-nld.x86-64
sle10-sp1-sdk.x86-64
core9.ia64
core9.x86-64
sles9-nld.x86
core9.x86
sles9-nld.x86
sled10.x86
sled10.x86-64
sles9-nld.x86-64
core9.s390
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5205
SLES SDK 9 for IBM iSeries and IBM pSeries
  • xine-devel >= 0.99.rc3a-106.47
  • xine-extra >= 0.99.rc3a-106.47
  • xine-lib >= 0.99.rc3a-106.47
  • xine-lib-64bit >= 9-200804211724
  • xine-ui >= 0.99.rc3a-106.47
core9.ppc
sle10-sp1-sdk.x86
sle10-sp1-sdk.ia64
sle10-sp1-sdk.s390x
core9.s390x
sles9-nld.x86-64
sle10-sp1-sdk.x86-64
core9.ia64
core9.x86-64
sles9-nld.x86
core9.x86
sles9-nld.x86
sled10.x86
sled10.x86-64
sles9-nld.x86-64
core9.s390
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5205
SLES SDK 9 for IBM zSeries
  • xine-devel >= 0.99.rc3a-106.47
  • xine-extra >= 0.99.rc3a-106.47
  • xine-lib >= 0.99.rc3a-106.47
  • xine-lib-32bit >= 9-200804211647
  • xine-ui >= 0.99.rc3a-106.47
core9.ppc
sle10-sp1-sdk.x86
sle10-sp1-sdk.ia64
sle10-sp1-sdk.s390x
core9.s390x
sles9-nld.x86-64
sle10-sp1-sdk.x86-64
core9.ia64
core9.x86-64
sles9-nld.x86
core9.x86
sles9-nld.x86
sled10.x86
sled10.x86-64
sles9-nld.x86-64
core9.s390
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5205
SLES SDK 9 for X86-64
  • xine-devel >= 0.99.rc3a-106.47
  • xine-extra >= 0.99.rc3a-106.47
  • xine-lib >= 0.99.rc3a-106.47
  • xine-lib-32bit >= 9-200804211655
  • xine-ui >= 0.99.rc3a-106.47
core9.ppc
sle10-sp1-sdk.x86
sle10-sp1-sdk.ia64
sle10-sp1-sdk.s390x
core9.s390x
sles9-nld.x86-64
sle10-sp1-sdk.x86-64
core9.ia64
core9.x86-64
sles9-nld.x86
core9.x86
sles9-nld.x86
sled10.x86
sled10.x86-64
sles9-nld.x86-64
core9.s390
sle10-sp1-sdk.ppc
ZYPP Patch Nr: 5205
openSUSE Leap 42.1
  • vorbis-tools >= 1.4.0-19.1
  • vorbis-tools-lang >= 1.4.0-19.1
Patchnames:
openSUSE Leap 42.1 GA vorbis-tools
openSUSE Leap 42.2
  • vorbis-tools >= 1.4.0-20.4
  • vorbis-tools-lang >= 1.4.0-20.4
Patchnames:
openSUSE Leap 42.2 GA vorbis-tools
openSUSE Leap 42.3
  • vorbis-tools >= 1.4.0-22.4
  • vorbis-tools-lang >= 1.4.0-22.4
Patchnames:
openSUSE Leap 42.3 GA vorbis-tools