CVE-2012-3889 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Winamp

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer2 documents2 sources

Severity

6.8MEDIUMNVD

EPSS

0.7%

top 28.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nullsoft Winamp

Timeline

PublishedJul 11

Latest updateMay 17

Description

The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDnullsoft/winamp5.623+58

Patches

Patch: forums.winamp.com ↗Patch: forums.winamp.com ↗

🔴Vulnerability Details

GHSA

GHSA-j5gx-p56p-ghxf: The in_mod plugin in Winamp before 5↗2022-05-17

▶