cbcvebase.

Nullsoft Winamp vulnerabilities

61 known vulnerabilities affecting nullsoft/winamp.

Total CVEs
61
CISA KEV
0
Public exploits
21
Exploited in wild
2
Severity breakdown
CRITICAL27HIGH17MEDIUM13LOW4

Vulnerabilities

Page 1 of 4
CVE-2006-5567P2CRITICALCVSS 9.3ExploitedPoCv5.3v5.242006-10-27
CVE-2006-5567 [CRITICAL] CVE-2006-5567: Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote a Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.
nvd
CVE-2004-0820P2MEDIUMCVSS 4.6ExploitedPoCv2.4v2.5e+27 more2004-08-28
CVE-2004-0820 [MEDIUM] CVE-2004-0820: Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone v Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.
nvd
CVE-2006-0476P3HIGHCVSS 7.6PoCv5.122006-01-31
CVE-2006-0476 [HIGH] CVE-2006-0476: Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a play Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
nvd
CVE-2009-1831P2CRITICALCVSS 9.3PoC≤ 5.55v2.0+72 more2009-05-29
CVE-2009-1831 [CRITICAL] CWE-189 CVE-2009-1831: The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
nvd
CVE-2009-0263P3CRITICALCVSS 10.0PoC≤ 5.541v2.0+71 more2009-01-23
CVE-2009-0263 [CRITICAL] CWE-119 CVE-2009-0263: Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of se Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.
nvd
CVE-2013-4694P3HIGHCVSS 7.5PoC≤ 5.63v0.20a+61 more2014-04-16
CVE-2013-4694 [HIGH] CWE-119 CVE-2013-4694: Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attacke Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploi
nvd
CVE-2010-4371P3CRITICALCVSS 9.3PoC≤ 5.581v0.20a+55 more2010-12-02
CVE-2010-4371 [CRITICAL] CWE-119 CVE-2010-4371: Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspeci Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
nvd
CVE-2004-1119P3CRITICALCVSS 10.0PoCv5.01v5.02+4 more2005-01-10
CVE-2004-1119 [CRITICAL] CVE-2004-1119: Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.0 Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.
nvd
CVE-2010-3137P3CRITICALCVSS 9.3PoCv5.5812010-08-26
CVE-2010-3137 [CRITICAL] CVE-2010-3137: Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows lo Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.
nvd
CVE-2007-2498P3CRITICALCVSS 9.3PoCv5.2v5.3+8 more2007-05-04
CVE-2007-2498 [CRITICAL] CVE-2007-2498: libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information.
nvd
CVE-2006-3228P3CRITICALCVSS 9.3PoC≤ 5.23v2.90+28 more2006-06-26
CVE-2006-3228 [CRITICAL] CVE-2006-3228: Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers t Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.
nvd
CVE-2005-2310P3CRITICALCVSS 9.3PoC≤ 5.093v5.03a+2 more2005-07-19
CVE-2005-2310 [CRITICAL] CWE-119 CVE-2005-2310: Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote atta Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
nvd
CVE-2003-0765P3HIGHCVSS 7.5PoCv2.81v2.91+2 more2003-09-17
CVE-2003-0765 [HIGH] CVE-2003-0765: The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.
nvd
CVE-2006-0720P3HIGHCVSS 7.6PoCv5.12v5.132006-02-23
CVE-2006-0720 [HIGH] CVE-2006-0720: Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.
nvd
CVE-2000-0624P3HIGHCVSS 7.5PoC≤ 2.642000-07-20
CVE-2000-0624 [HIGH] CVE-2000-0624: Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.
nvd
CVE-2004-1150P4MEDIUMCVSS 5.1PoCv5.0v5.01+7 more2004-12-31
CVE-2004-1150 [MEDIUM] CVE-2004-1150: Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.
nvd
CVE-2009-4356P3CRITICALCVSS 9.3≤ 5.56v0.20a+83 more2009-12-18
CVE-2009-4356 [CRITICAL] CWE-189 CVE-2009-4356: Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote at Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.
nvd
CVE-2002-2195P4MEDIUMCVSS 5.0PoCv2.60v2.61+13 more2002-12-31
CVE-2002-2195 [MEDIUM] CVE-2002-2195: Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.
nvd
CVE-2010-1523P3CRITICALCVSS 9.3≤ 5.581v0.20a+87 more2010-11-06
CVE-2010-1523 [CRITICAL] CWE-119 CVE-2010-1523: Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.
nvd
CVE-2009-3996P3CRITICALCVSS 9.3≤ 5.56v0.20a+83 more2009-12-18
CVE-2009-3996 [CRITICAL] CWE-119 CVE-2009-3996: Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.
nvd
Nullsoft Winamp vulnerabilities | cvebase