PT-2008-6941 · Xiph.Org+2 · Speex+3

Tomas Hoger · Published 1970-01-01 · Updated 2024-06-15 · CVE-2008-1686

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Speex versions 1.1.12 and earlier
libfishsound versions 0.9.0 and earlier
xine-lib versions prior to 1.1.12

Description

The issue allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely.

Recommendations

For Speex versions 1.1.12 and earlier, update to a version later than 1.1.12.
For libfishsound versions 0.9.0 and earlier, update to a version later than 0.9.0.
For xine-lib versions prior to 1.1.12, update to version 1.1.12 or later.
As a temporary workaround, consider restricting access to the vulnerable components until a patch is available.

Fix

RCE


Weakness Enumeration

Related identifiers

BDU:2015-03308
BDU:2015-03309
BDU:2015-07596
BDU:2015-07597
BDU:2015-07598
BDU:2015-07599
CVE-2008-1686
DSA-1584-1
DSA-1585-1
DSA-1586-1
DTSA-127-1
DTSA-128-1
DTSA-129-1
OPENSUSE-SU-2024:10610-1
OPENSUSE-SU-2024:10829-1
OPENSUSE-SU-2024:11503-1
RHSA-2008:0235
RHSA-2008_0235

Affected products

Red Hat
Speex
Libfishsound
Xine-Lib