--- speex-1.2beta2/libspeex/speex_header.c.cve-2008-1686 2007-03-18 08:25:09.000000000 -0400 +++ speex-1.2beta2/libspeex/speex_header.c 2008-04-28 13:42:18.000000000 -0400 @@ -161,6 +161,13 @@ SpeexHeader *speex_packet_to_header(char ENDIAN_SWITCH(le_header->frames_per_packet); ENDIAN_SWITCH(le_header->extra_headers); + if (le_header->mode >= SPEEX_NB_MODES || le_header->mode < 0) + { + speex_notify("Invalid mode specified in Speex header"); + speex_free (le_header); + return NULL; + } + return le_header; }