CVE-2006-0708 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

17.5%

top 4.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nullsoft Winamp

Timeline

PublishedFeb 15

Latest updateMay 1

Description

Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDnullsoft/winamp18 versions+17

🔴Vulnerability Details

GHSA

GHSA-249v-jf5r-cp5r: Multiple buffer overflows in NullSoft Winamp 5↗2022-05-01

▶

💬Community

Bugzilla

CVE-2006-4812 PHP ecalloc integer overflow↗2006-10-05

▶