Nullsoft Winamp vulnerabilities
61 known vulnerabilities affecting nullsoft/winamp.
Total CVEs
61
CISA KEV
0
Public exploits
21
Exploited in wild
2
Severity breakdown
CRITICAL27HIGH17MEDIUM13LOW4
Vulnerabilities
Page 1 of 4
CVE-2006-5567P2CRITICALCVSS 9.3ExploitedPoCv5.3v5.242006-10-27
CVE-2006-5567 [CRITICAL] CVE-2006-5567: Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote a
Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.
nvd
CVE-2004-0820P2MEDIUMCVSS 4.6ExploitedPoCv2.4v2.5e+27 more2004-08-28
CVE-2004-0820 [MEDIUM] CVE-2004-0820: Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone v
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.
nvd
CVE-2006-0476P3HIGHCVSS 7.6PoCv5.122006-01-31
CVE-2006-0476 [HIGH] CVE-2006-0476: Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a play
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
nvd
CVE-2009-1831P2CRITICALCVSS 9.3PoC≤ 5.55v2.0+72 more2009-05-29
CVE-2009-1831 [CRITICAL] CWE-189 CVE-2009-1831: The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
nvd
CVE-2009-0263P3CRITICALCVSS 10.0PoC≤ 5.541v2.0+71 more2009-01-23
CVE-2009-0263 [CRITICAL] CWE-119 CVE-2009-0263: Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of se
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.
nvd
CVE-2013-4694P3HIGHCVSS 7.5PoC≤ 5.63v0.20a+61 more2014-04-16
CVE-2013-4694 [HIGH] CWE-119 CVE-2013-4694: Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attacke
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploi
nvd
CVE-2010-4371P3CRITICALCVSS 9.3PoC≤ 5.581v0.20a+55 more2010-12-02
CVE-2010-4371 [CRITICAL] CWE-119 CVE-2010-4371: Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspeci
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
nvd
CVE-2004-1119P3CRITICALCVSS 10.0PoCv5.01v5.02+4 more2005-01-10
CVE-2004-1119 [CRITICAL] CVE-2004-1119: Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.0
Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.
nvd
CVE-2010-3137P3CRITICALCVSS 9.3PoCv5.5812010-08-26
CVE-2010-3137 [CRITICAL] CVE-2010-3137: Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows lo
Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.
nvd
CVE-2007-2498P3CRITICALCVSS 9.3PoCv5.2v5.3+8 more2007-05-04
CVE-2007-2498 [CRITICAL] CVE-2007-2498: libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary
libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information.
nvd
CVE-2006-3228P3CRITICALCVSS 9.3PoC≤ 5.23v2.90+28 more2006-06-26
CVE-2006-3228 [CRITICAL] CVE-2006-3228: Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers t
Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.
nvd
CVE-2005-2310P3CRITICALCVSS 9.3PoC≤ 5.093v5.03a+2 more2005-07-19
CVE-2005-2310 [CRITICAL] CWE-119 CVE-2005-2310: Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote atta
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
nvd
CVE-2003-0765P3HIGHCVSS 7.5PoCv2.81v2.91+2 more2003-09-17
CVE-2003-0765 [HIGH] CVE-2003-0765: The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute
The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.
nvd
CVE-2006-0720P3HIGHCVSS 7.6PoCv5.12v5.132006-02-23
CVE-2006-0720 [HIGH] CVE-2006-0720: Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.
nvd
CVE-2000-0624P3HIGHCVSS 7.5PoC≤ 2.642000-07-20
CVE-2000-0624 [HIGH] CVE-2000-0624: Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via
Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.
nvd
CVE-2004-1150P4MEDIUMCVSS 5.1PoCv5.0v5.01+7 more2004-12-31
CVE-2004-1150 [MEDIUM] CVE-2004-1150: Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers
Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.
nvd
CVE-2009-4356P3CRITICALCVSS 9.3≤ 5.56v0.20a+83 more2009-12-18
CVE-2009-4356 [CRITICAL] CWE-189 CVE-2009-4356: Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote at
Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.
nvd
CVE-2002-2195P4MEDIUMCVSS 5.0PoCv2.60v2.61+13 more2002-12-31
CVE-2002-2195 [MEDIUM] CVE-2002-2195: Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who
Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.
nvd
CVE-2010-1523P3CRITICALCVSS 9.3≤ 5.581v0.20a+87 more2010-11-06
CVE-2010-1523 [CRITICAL] CWE-119 CVE-2010-1523: Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build
Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.
nvd
CVE-2009-3996P3CRITICALCVSS 9.3≤ 5.56v0.20a+83 more2009-12-18
CVE-2009-3996 [CRITICAL] CWE-119 CVE-2009-3996: Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and
Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.
nvd
1 / 4Next →