CVE-2005-3188 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

4 documents2 sources

Severity

9.3CRITICALNVD

NVD7.6

EPSS

26.9%

top 3.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nullsoft Winamp

Timeline

PublishedDec 31

Latest updateMay 1

Description

Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

▶NVDnullsoft/winamp18 versions+17

Patches

Patch: securitytracker.com ↗Patch: www.idefense.com ↗Patch: www.osvdb.org ↗

🔴Vulnerability Details

GHSA

GHSA-249v-jf5r-cp5r: Multiple buffer overflows in NullSoft Winamp 5↗2022-05-01

▶

GHSA

GHSA-8jv5-qc9q-5qfw: Buffer overflow in Nullsoft Winamp 5↗2022-05-01

▶