Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0263Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
17.9%
top 4.85%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Nullsoft Winamp
Timeline
PublishedJan 23
Latest updateMay 2

Description

Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDnullsoft/winamp5.541+72

🔴Vulnerability Details

1
GHSA
GHSA-m2wg-2c36-4pjw: Multiple buffer overflows in Winamp 52022-05-02

💥Exploits & PoCs

1
Exploit-DB
Winamp 5.541 - '.mp3'/'.aiff' File Multiple Denial of Service Vulnerabilities2009-01-12