Solution
Please Install the Updated Packages.
Insight
A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex files headers.
An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686).
The speex plugin in the gstreamer-plugins-good package is similarly affected by this issue.
The updated packages have been patched to correct this issue.
Affected
gstreamer-plugins-good on Mandriva Linux 2008.0,
Mandriva Linux 2008.0/X86_64,
Mandriva Linux 2008.1,
Mandriva Linux 2008.1/X86_64
Severity
Classification
-
CVE CVE-2008-1686 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities