suse · CVE-2008-1686

Quick triage

Priority: critical Published: 2021-05-30 12:42:22 UTC Updated: 2026-04-18 20:28:04 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2008-1686 severity critical: SUSE including 38 source package names (gstreamer-0_10-plugins-good-0.10.17-1.1.126, gstreamer-0_10-plugins-good-0.10.30-5.12.15, …), 65 product×package rows across 21 product lines (SUSE Linux Enterprise Desktop 12, SUSE Linux Enterprise Desktop 12 SP1, … (21 product lines)): Fixed 65.

Description:

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.

cvelogic Threat Intelligence