Speex Validation Flaw in Speex Decoder Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1019875 |
|
SecurityTracker URL: http://securitytracker.com/id/1019875
|
|
CVE Reference:
CVE-2008-1686
(Links to External Site)
|
Date: Apr 17 2008
|
Impact:
Execution of arbitrary code via network, User access via network
|
Vendor Confirmed: Yes
|
Version(s): 1.1.12 and prior versions
|
Description:
A vulnerability was reported in Speex. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a stream with specially crafted headers that, when loaded by the target application, will trigger an error in the speex decoder and execute arbitrary code on the target system. The code will run with the privileges of the target application.
libfishsound and xine-lib are also affected.
The original advisory is available at:
http://www.ocert.org/advisories/ocert-2008-2.html
An anonymous researcher reported this vulnerability.
|
Impact:
A remote user can create a stream that, when loaded by the target application, will execute arbitrary code on the target system.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.speex.org/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Sun Apr 6 14:12:18 PDT 2008
Subject: [Speex-dev] libfishsound 0.9.1 Release
|
FishSound 0.9.1 Release
-----------------------
libfishsound provides a simple programming interface for decoding and
encoding audio data using Xiph.Org codecs (FLAC, Speex and Vorbis).
This release is available as a source tarball at:
http://www.annodex.net/software/libfishsound/download/libfishsound-0.9.1.tar.gz
New in this release
-------------------
This is a maintenance release, containing the following changes:
* Fixed bounds checking of mode in Speex header (merged from speexdec)
* Updated Visual Studio solution file with recently added sources and
headers (arke)
* Updated FLAC configure checking and testing
* Support for automake 1.10 and other build cleanups (johnf)
About libfishsound
------------------
libfishsound by itself is designed to handle raw codec streams from a
lower level layer such as UDP datagrams. When these codecs are used in
files, they are commonly encapsulated in Ogg to produce Ogg FLAC, SPeex
and Ogg Vorbis files.
libfishsound is a wrapper around the existing codec libraries and provides
a consistent, higher-level programming interface. It has been designed for
use in a wide variety of applications; it has no direct dependencies on
Ogg encapsulation, though it is most commonly used in conjunction with
liboggz to decode or encode FLAC, Speex or Vorbis audio tracks in Ogg files,
including Ogg Theora and Annodex.
FishSound has been developed and tested on GNU/Linux, Darwin/MacOSX and
Win32. It probably also works on other Unix-like systems via GNU autoconf.
For Win32: nmake Makefiles, Visual Studio .NET 2003 solution files and
Visual C++ 6.0 workspace files are all provided in the source distribution.
Full documentation of the FishSound API, customization and installation,
and complete examples of Ogg FLAC, Speex and Ogg Vorbis decoding and
encoding are provided in the source tarball, and can be read online
at:
http://www.annodex.net/software/libfishsound/html/
FishSound is Free Software, available under a BSD-style license.
More information is available online at the FishSound homepage:
http://www.annodex.net/software/libfishsound/
enjoy :)
--
Conrad Parker, Annodex Association
http://www.annodex.net/
|
|
