Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.
Threat-Mapped Scoring
Score: 1.8
Priority: P4 - Informational (Low)
S9 – Sabotage of System/App
EPSS
Score: 0.0525Percentile:
0.89542
CVSS Scoring
CVSS v2 Score: 9.3
Severity:
Affected Products
cpe:2.3:a:xine:xine-lib:*:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:0.99:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.0.3a:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine-lib:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:*:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:xiph:speex:1.1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:*:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.5.41:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.5.42:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:xiph:libfishsound:0.8.1:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me