CVE-2003-1272 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

2 documents2 sources

Severity

9.3CRITICALNVD

EPSS

2.5%

top 14.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nullsoft Winamp

Timeline

PublishedDec 31

Latest updateApr 29

Description

Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDnullsoft/winamp3.0

🔴Vulnerability Details

GHSA

GHSA-r87m-8hr6-36pj: Multiple buffer overflows in Winamp 3↗2022-04-29

▶