Speex / VLC / gstreamer-plugins-good / sweep / SDL_sound / vorbis-tools / Xine buffer overflow
Published:		17.04.2008
Source:		BUGTRAQ
SecurityVulns ID:		8922
Type:		library
Level:		7/10
Description:		Buffer overflow in speex_packet_to_header().

Affected:		XINE : xine 1.1
		XINE : xinelib 1.1
		VLC : VLC Media Player 0.8
		GSTREAMER : gstreamer-plugins-good 0.10
		SDLSOUND : SDL_sound 1.0
		SPEEX : Speex 1.1
		SWEEP : Sweep 1.1
		VORBISTOOLS : vorbis-tools 1.2
CVE:		CVE-2008-1686 (Uncontrolled array index in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.)

Original document

Andrea Barisani, [oCERT-2008-004] multiple speex implementations insufficient boundary checks (17.04.2008)

Discuss:

Read or add your comments to this news (0 comments)