Total
62 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3441 | 1 Nullsoft | 1 Winamp | 2018-11-01 | 7.5 HIGH | N/A |
Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
CVE-2006-0720 | 1 Nullsoft | 1 Winamp | 2018-10-19 | 7.6 HIGH | N/A |
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. | |||||
CVE-2006-0708 | 1 Nullsoft | 1 Winamp | 2018-10-19 | 9.3 HIGH | N/A |
Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476. | |||||
CVE-2006-0476 | 1 Nullsoft | 1 Winamp | 2018-10-19 | 7.6 HIGH | N/A |
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). | |||||
CVE-2007-2180 | 1 Nullsoft | 1 Winamp | 2018-10-16 | 7.1 HIGH | N/A |
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file. | |||||
CVE-2007-1921 | 1 Nullsoft | 1 Winamp | 2018-10-16 | 9.3 HIGH | N/A |
LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption. | |||||
CVE-2007-1922 | 1 Nullsoft | 1 Winamp | 2018-10-16 | 9.3 HIGH | N/A |
The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption. | |||||
CVE-2007-4392 | 1 Nullsoft | 1 Winamp | 2018-10-15 | 4.3 MEDIUM | N/A |
Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself. | |||||
CVE-2009-0186 | 2 Mega-nerd, Nullsoft | 2 Libsndfile, Winamp | 2018-10-11 | 9.3 HIGH | N/A |
Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow. | |||||
CVE-2010-4370 | 1 Nullsoft | 1 Winamp | 2018-10-10 | 9.3 HIGH | N/A |
Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow. | |||||
CVE-2010-2586 | 1 Nullsoft | 1 Winamp | 2018-10-10 | 9.3 HIGH | N/A |
Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow. | |||||
CVE-2010-1523 | 1 Nullsoft | 1 Winamp | 2018-10-10 | 9.3 HIGH | N/A |
Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream. | |||||
CVE-2009-4356 | 1 Nullsoft | 1 Winamp | 2018-10-10 | 9.3 HIGH | N/A |
Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file. | |||||
CVE-2009-3995 | 2 Nullsoft, Raphael Assenat | 2 Winamp, Libmikmod | 2018-10-10 | 9.3 HIGH | N/A |
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-3996 | 2 Nullsoft, Raphael Assenat | 2 Winamp, Libmikmod | 2018-10-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file. | |||||
CVE-2009-3997 | 1 Nullsoft | 1 Winamp | 2018-10-10 | 9.3 HIGH | N/A |
Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow. | |||||
CVE-2009-0263 | 1 Nullsoft | 1 Winamp | 2017-10-18 | 10.0 HIGH | N/A |
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file. | |||||
CVE-2006-3228 | 1 Nullsoft | 1 Winamp | 2017-10-18 | 9.3 HIGH | N/A |
Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file. | |||||
CVE-2007-2498 | 1 Nullsoft | 1 Winamp | 2017-10-10 | 9.3 HIGH | N/A |
libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-5567 | 1 Nullsoft | 1 Winamp | 2017-10-10 | 9.3 HIGH | N/A |
Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags. |