Nullsoft Winamp vulnerabilities

CVE-2009-1791 [CRITICAL] CWE-119 CVE-2009-1791: Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winam Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.

CVE-2009-1788 [CRITICAL] CWE-119 CVE-2009-1788: Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.

CVE-2009-0186 [CRITICAL] CWE-189 CVE-2009-0186: Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependen Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

CVE-2009-0263 [CRITICAL] CWE-119 CVE-2009-0263: Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of se Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.

CVE-2008-3567 [MEDIUM] CWE-79 CVE-2008-3567: Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 a Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.

CVE-2008-3441 [HIGH] CWE-94 CVE-2008-3441: Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-i Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

CVE-2007-4619 [CRITICAL] CWE-189 CVE-2007-4619: Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Wina Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.

CVE-2007-4392 [MEDIUM] CVE-2007-4392: Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and applica Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself.

CVE-2007-2498 [CRITICAL] CVE-2007-2498: libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information.

CVE-2007-2180 [HIGH] CVE-2007-2180: Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of se Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.

CVE-2007-1921 [CRITICAL] CVE-2007-1921: LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attac LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption.

CVE-2007-1922 [CRITICAL] CWE-20 CVE-2007-1922: The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.

CVE-2006-5567 [CRITICAL] CVE-2006-5567: Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote a Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.

CVE-2006-3228 [CRITICAL] CVE-2006-3228: Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers t Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.

CVE-2006-0720 [HIGH] CVE-2006-0720: Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.

CVE-2006-0708 [CRITICAL] CVE-2006-0708: Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbi Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.

CVE-2006-0476 [HIGH] CVE-2006-0476: Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a play Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).

CVE-2005-3188 [HIGH] CVE-2005-3188: Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) a Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476.

CVE-2005-2310 [CRITICAL] CWE-119 CVE-2005-2310: Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote atta Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.

CVE-2004-1119 [CRITICAL] CVE-2004-1119: Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.0 Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.