DEBIAN-CVE-2008-1686

Advisory lineage Upstream: 1 Downstream: 6

Upstream

CVE-2008-1686

Downstream

DSA-1584-1 DSA-1585-1 DSA-1586-1 DTSA-127-1 DTSA-128-1 DTSA-129-1

Published: 08 Apr 2008, 18:05

Last modified:28 Apr 2026, 20:10

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

08 Apr 2008, 18:05

Published

Vulnerability first disclosed

28 Apr 2026, 20:10

Last Modified

Vulnerability information updated

Description

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

Affected Systems

debian•libfishsound
< 0.7.0-2.2 | < 0.7.0-2.2 | < 0.7.0-2.2 | < 0.7.0-2.2
debian•speex
< 1.2~beta2-1 | < 1.2~beta2-1 | < 1.2~beta2-1 | < 1.2~beta2-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2008-1686