CVE-2004-1896 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

2 documents2 sources

Severity

7.6HIGHNVD

EPSS

24.9%

top 3.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nullsoft Winamp

Timeline

PublishedDec 31

Latest updateApr 29

Description

Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

▶NVDnullsoft/winamp5 versions+4

Patches

Patch: secunia.com ↗Patch: www.nextgenss.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-v8rp-6wh5-2p3m: Heap-based buffer overflow in in_mod↗2022-04-29

▶