CVE-2010-4370 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

CWE-1893 documents3 sources

Severity

9.3CRITICALNVD

EPSS

7.7%

top 8.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nullsoft Winamp

Timeline

PublishedDec 2

Latest updateMay 14

Description

Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDnullsoft/winamp5.581+56

🔴Vulnerability Details

GHSA

GHSA-v62v-445r-w7rj: Multiple integer overflows in the in_midi plugin in Winamp before 5↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Racer 0.5.3 Beta 5 - Remote Buffer Overflow (Metasploit)↗2010-09-20

▶