cvebase

Nullsoft Winamp vulnerabilities

61 known vulnerabilities affecting nullsoft/winamp.

Total CVEs: 61
CISA KEV: 0
Public exploits: 21
Exploited in wild: 2
Severity breakdown: CRITICAL 27, HIGH 17, MEDIUM 13, LOW 4

Vulnerabilities

Page 2 of 4
CVE-2007-2180 | P4 | HIGH | CVSS 7.1 | PoC | v5.3 | 2007-04-24
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
nvd
CVE-2000-0049 | P4 | HIGH | CVSS 7.2 | PoC | v2.0, v2.10 | 2000-01-04
Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.
nvd
CVE-2011-4857 | P3 | CRITICAL | CVSS 10.0 | ≤ 5.622, v0.20a, +58 more | 2011-12-16
CWE-119: Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information.
nvd
CVE-2010-4370 | P3 | CRITICAL | CVSS 9.3 | ≤ 5.581, v0.20a, +55 more | 2010-12-02
CWE-189: Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow.
nvd
CVE-2001-0490 | P4 | HIGH | CVSS 7.5 | PoC | v2.6x, v2.7x | 2001-06-27
Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file.
nvd
CVE-2009-3997 | P3 | CRITICAL | CVSS 9.3 | ≤ 5.56, v0.20a, +83 more | 2009-12-18
CWE-189: Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow.
nvd
CVE-2010-2586 | P3 | CRITICAL | CVSS 9.3 | ≤ 5.581, v0.20a, +55 more | 2010-12-02
CWE-189: Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow.
nvd
CVE-2009-3995 | P3 | CRITICAL | CVSS 9.3 | ≤ 5.56, v0.20a, +83 more | 2009-12-18
CWE-119: Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
nvd
CVE-2011-3834 | P3 | CRITICAL | CVSS 9.3 | ≤ 5.622, v0.20a, +58 more | 2011-12-16
CWE-189: Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.
nvd
CVE-2007-1921 | P3 | CRITICAL | CVSS 9.3 | v5.33 | 2007-04-10
LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption.
nvd
CVE-2014-3442 | P4 | MEDIUM | CVSS 4.3 | PoC | ≤ 5.666, v5.0, +50 more | 2014-05-23
CWE-119: Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.
nvd
CVE-2007-4619 | P3 | CRITICAL | CVSS 9.3 | ≤ 5.35 | 2007-10-12
CWE-189: Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
nvd
CVE-2007-1922 | P3 | CRITICAL | CVSS 9.3 | v5.33 | 2007-04-10
CWE-20: The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.
nvd
CVE-2012-4045 | P3 | HIGH | CVSS 7.5 | ≤ 5.63 | 2012-07-22
CWE-119: Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file.
nvd
CVE-2009-0186 | P3 | CRITICAL | CVSS 9.3 | v5.55, v5.541 | 2009-03-05
CWE-189: Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
nvd
CVE-2009-1788 | P3 | CRITICAL | CVSS 9.3 | v5.5, v5.51, +5 more | 2009-05-26
CWE-119: Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.
nvd
CVE-2010-4372 | P3 | CRITICAL | CVSS 9.3 | ≤ 5.581, v0.20a, +55 more | 2010-12-02
Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586.
nvd
CVE-2006-0708 | P3 | CRITICAL | CVSS 9.3 | v5.0, v5.01, +16 more | 2006-02-15
Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.
nvd
CVE-2009-1791 | P3 | CRITICAL | CVSS 9.3 | v5.5, v5.51, +5 more | 2009-05-26
CWE-119: Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.
nvd
CVE-2008-3441 | P3 | HIGH | CVSS 7.5 | fixed in 5.24 | 2008-08-01
CWE-94: Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
nvd