Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-2310Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
7.7%
top 8.06%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Nullsoft Winamp
Timeline
PublishedJul 19
Latest updateMay 1

Description

Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDnullsoft/winamp5.093+3

🔴Vulnerability Details

1
GHSA
GHSA-g42v-97pv-hf4v: Buffer overflow in Winamp 52022-05-01

💥Exploits & PoCs

1
Exploit-DB
NullSoft Winamp 5.0 - Malformed ID3v2 Tag Buffer Overflow2005-07-15

💬Community

1
Bugzilla
CVE-2005-2969 openssl mitm downgrade attack2008-01-29