Debian Security Advisory

DSA-1585-1 speex -- integer overflow

Date Reported:
21 May 2008
Affected Packages:
speex
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2008-1686.
More information:

It was discovered that speex, the Speex codec command line tools, did not correctly deal with negative offsets in a particular header field. This could allow a malicious file to execute arbitrary code.

For the stable distribution (etch), this problem has been fixed in version 1.1.12-3etch1.

We recommend that you upgrade your speex package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12.orig.tar.gz
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1.diff.gz
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1.dsc
Architecture-independent component:
http://security.debian.org/pool/updates/main/s/speex/speex-doc_1.1.12-3etch1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_alpha.deb
http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_alpha.deb
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_amd64.deb
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_amd64.deb
http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_arm.deb
http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_arm.deb
http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_i386.deb
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_i386.deb
http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_i386.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_mips.deb
http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_mips.deb
http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_mipsel.deb
http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_mipsel.deb
http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_mipsel.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_sparc.deb
http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_sparc.deb
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.