CVE-2002-1177 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

2 documents2 sources

Severity

7.5HIGHNVD

EPSS

3.1%

top 13.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nullsoft Winamp

Timeline

PublishedDec 26

Latest updateApr 30

Description

Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDnullsoft/winamp3.0

🔴Vulnerability Details

GHSA

GHSA-86qq-pxxj-cq4f: Multiple buffer overflows in Winamp 3↗2022-04-30

▶