Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2498 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents3 sources

Severity

9.3CRITICALNVD

NVD6.8

EPSS

9.2%

top 7.27%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Nullsoft Winamp Winamp Nullsoft Winamp

Timeline

PublishedMay 4

Latest updateMay 1

Description

libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDnullsoft/winamp10 versions+9

▶NVDwinamp/nullsoft_winamp5.32

🔴Vulnerability Details

GHSA

GHSA-pw39-q62j-5h8w: libmp4v2↗2022-05-01

▶

GHSA

GHSA-h6gg-2r3h-ppgp: Stack-based buffer overflow in Nullsoft Winamp 5↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Winamp 5.34 - '.mp4' Code Execution↗2007-04-30

▶