Computer Security
[EN] securityvulns.ru no-pyccku


Speex / VLC / gstreamer-plugins-good / sweep / SDL_sound / vorbis-tools / Xine buffer overflow
Published:17.04.2008
Source:
SecurityVulns ID:8922
Type:library
Threat Level:
7/10
Description:Buffer overflow in speex_packet_to_header().
Affected:XINE : xine 1.1
 XINE : xinelib 1.1
 VLC : VLC Media Player 0.8
 GSTREAMER : gstreamer-plugins-good 0.10
 SDLSOUND : SDL_sound 1.0
 SPEEX : Speex 1.1
 SWEEP : Sweep 1.1
 VORBISTOOLS : vorbis-tools 1.2
CVE:CVE-2008-1686 (Uncontrolled array index in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.)
Original documentdocumentAndrea Barisani, [oCERT-2008-004] multiple speex implementations insufficient boundary checks (17.04.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod