CVE-2002-1524 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

2 documents2 sources

Severity

7.5HIGHNVD

EPSS

11.5%

top 6.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nullsoft Winamp

Timeline

PublishedApr 2

Latest updateApr 30

Description

Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDnullsoft/winamp3.0

🔴Vulnerability Details

GHSA

GHSA-ff3r-4q22-8fwc: Buffer overflow in XML parser in wsabi↗2022-04-30

▶