CVE-2007-1922 — Improper Input Validation in Winamp

CWE-20 — Improper Input Validation2 documents2 sources

Severity

9.3CRITICALNVD

EPSS

15.6%

top 5.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nullsoft Winamp

Timeline

PublishedApr 10

Latest updateMay 1

Description

The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDnullsoft/winamp5.33

Patches

Patch: www.piotrbania.com ↗Patch: www.piotrbania.com ↗

🔴Vulnerability Details

GHSA

GHSA-79wq-4p6w-9m3x: The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD↗2022-05-01

▶