Total
62 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0624 | 1 Nullsoft | 1 Winamp | 2017-10-09 | 7.5 HIGH | N/A |
Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist. | |||||
CVE-2009-0833 | 2 Myplugins, Nullsoft | 2 Gen Msn, Winamp | 2017-09-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-1831 | 1 Nullsoft | 1 Winamp | 2017-09-28 | 9.3 HIGH | N/A |
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow. | |||||
CVE-2008-3567 | 1 Nullsoft | 1 Winamp | 2017-09-28 | 4.3 MEDIUM | N/A |
Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags. | |||||
CVE-2007-4619 | 2 Flac, Nullsoft | 2 Libflac, Winamp | 2017-09-28 | 9.3 HIGH | N/A |
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow. | |||||
CVE-2012-3890 | 1 Nullsoft | 1 Winamp | 2017-09-18 | 6.8 MEDIUM | N/A |
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file. | |||||
CVE-2012-4045 | 1 Nullsoft | 1 Winamp | 2017-09-18 | 7.5 HIGH | N/A |
Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file. | |||||
CVE-2012-3889 | 1 Nullsoft | 1 Winamp | 2017-09-18 | 6.8 MEDIUM | N/A |
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file. | |||||
CVE-2011-4857 | 1 Nullsoft | 1 Winamp | 2017-09-18 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-3834 | 1 Nullsoft | 1 Winamp | 2017-09-18 | 9.3 HIGH | N/A |
Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow. | |||||
CVE-2010-4374 | 1 Nullsoft | 1 Winamp | 2017-09-18 | 4.3 MEDIUM | N/A |
The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length. | |||||
CVE-2010-3137 | 1 Nullsoft | 1 Winamp | 2017-09-18 | 9.3 HIGH | N/A |
Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file. | |||||
CVE-2010-4371 | 1 Nullsoft | 1 Winamp | 2017-09-18 | 9.3 HIGH | N/A |
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box. | |||||
CVE-2010-4372 | 1 Nullsoft | 1 Winamp | 2017-09-18 | 9.3 HIGH | N/A |
Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586. | |||||
CVE-2010-4373 | 1 Nullsoft | 1 Winamp | 2017-09-18 | 4.3 MEDIUM | N/A |
The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file. | |||||
CVE-2014-3442 | 1 Nullsoft | 1 Winamp | 2017-08-28 | 4.3 MEDIUM | N/A |
Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s. | |||||
CVE-2013-4694 | 1 Nullsoft | 1 Winamp | 2017-08-28 | 7.5 HIGH | N/A |
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk. | |||||
CVE-2009-1788 | 2 Mega-nerd, Nullsoft | 2 Libsndfile, Winamp | 2017-08-16 | 9.3 HIGH | N/A |
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value. | |||||
CVE-2009-1791 | 2 Mega-nerd, Nullsoft | 2 Libsndfile, Winamp | 2017-08-16 | 9.3 HIGH | N/A |
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value. | |||||
CVE-2005-3188 | 1 Nullsoft | 1 Winamp | 2017-07-10 | 7.6 HIGH | N/A |
Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476. |