
speex

[oCERT-2008-004] multiple speex implementations insufficient boundary checks

2008/04/17 #2008-004 multiple speex implementations insufficient boundary
checks

Description:

The reference speex decoder from the Speex library performs insufficient
boundary checks on a header structure read from user input; this has been
reported in the oCERT-2008-002 advisory.


[ GLSA 200804-17 ] Speex: User-assisted execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Speex: User-assisted execution of arbitrary code
      Date: April 17, 2008
      Bugs: #217715
        ID: 200804-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[USN-611-1] Speex vulnerability

=========================================================== 
Ubuntu Security Notice USN-611-1               May 08, 2008
speex vulnerability
CVE-2008-1686
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04

[ MDVSA-2008:092 ] - Updated gstreamer-plugins-good packages fix vulnerabilities

 Affected: 2008.0, 2008.1
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in the Speex library was found where it did not
 properly validate input values read from the Speex file headers.
 An attacker could create a malicious Speex file that would crash an
 application or potentially allow the execution of arbitrary code
 with the privileges of the application calling the Speex library
 (CVE-2008-1686).

[USN-611-3] GStreamer Good Plugins vulnerability

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-611-1 fixed a vulnerability in Speex. This update provides the
corresponding update for GStreamer Good Plugins.

Original advisory details:

 It was discovered that Speex did not properly validate its input when

[USN-611-2] vorbis-tools vulnerability

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-611-1 fixed a vulnerability in Speex. This update provides the
corresponding update for ogg123, part of vorbis-tools.

Original advisory details:

 It was discovered that Speex did not properly validate its input when

[ MDVSA-2008:124 ] - Updated xine-lib packages fix vulnerability in Speex decoder

 Affected: 2008.0, 2008.1
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in the Speex library was found where it did not
 properly validate input values read from the Speex file headers.
 An attacker could create a malicious Speex file that would crash an
 application or potentially allow the execution of arbitrary code
 with the privileges of the application calling the Speex library
 (CVE-2008-1686).

[ MDVSA-2008:093 ] - Updated vorbis-tools packages fix vulnerabilities

 Affected: 2008.0, 2008.1, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in the Speex library was found where it did not
 properly validate input values read from the Speex file headers.
 An attacker could create a malicious Speex file that would crash an
 application or potentially allow the execution of arbitrary code
 with the privileges of the application calling the Speex library
 (CVE-2008-1686).

[USN-635-1] xine-lib vulnerabilities

MOV, RM, MVE, MKV or CAK file, a remote attacker may be able to
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-1482)

It was discovered that xine-lib did not properly validate its input
when processing Speex file headers. If a user or automated system
were tricked into opening a specially crafted Speex file, an
attacker could create a denial of service or possibly execute
arbitrary code as the user invoking the program. (CVE-2008-1686)

Guido Landi discovered a stack-based buffer overflow in xine-lib

[SECURITY] [DSA 1586-1] New xine-lib packages fix several vulnerabilities

    overflow heap buffers and potentially execute arbitrary code by
    supplying a maliciously crafted file of those types.

CVE-2008-1686

    Insufficient input validation in the Speex implementation used
    by this version of xine enables an invalid array access and the
    execution of arbitrary code by supplying a maliciously crafted
    Speex file.

CVE-2008-1878



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
