|Array index vulnerability in Speex 1.1.12 and earlier, as used in
libfishsound 0.9.0 and earlier, including Illiminable DirectShow
Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and
many other products, allows remote attackers to execute arbitrary code
via a header structure containing a negative offset, which is used to
dereference a function pointer.