Nullsoft Winamp vulnerabilities
61 known vulnerabilities affecting nullsoft/winamp.
Total CVEs
61
CISA KEV
0
Public exploits
21
Exploited in wild
2
Severity breakdown
CRITICAL27HIGH17MEDIUM13LOW4
Vulnerabilities
Page 3 of 4
CVE-2005-3188P3HIGHCVSS 7.6v5.0942005-12-31
CVE-2005-3188 [HIGH] CVE-2005-3188: Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) a
Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476.
nvd
CVE-2004-1896P4HIGHCVSS 7.6v2.91v3.0+3 more2004-12-31
CVE-2004-1896 [HIGH] CVE-2004-1896: Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attacker
Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.
nvd
CVE-2003-1272P4CRITICALCVSS 9.3v3.02003-12-31
CVE-2003-1272 [CRITICAL] CVE-2003-1272: Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash)
Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.
nvd
CVE-2002-1177P4HIGHCVSS 7.5v3.02002-12-26
CVE-2002-1177 [HIGH] CVE-2002-1177: Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows
Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.
nvd
CVE-2002-0547P4HIGHCVSS 7.5≤ 2.792002-07-03
CVE-2002-0547 [HIGH] CVE-2002-0547: Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a d
Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.
nvd
CVE-2012-3889P4MEDIUMCVSS 6.8≤ 5.623v0.20a+57 more2012-07-11
CVE-2012-3889 [MEDIUM] CWE-119 CVE-2012-3889: The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.
nvd
CVE-2012-3890P4MEDIUMCVSS 6.8≤ 5.623v0.20a+57 more2012-07-11
CVE-2012-3890 [MEDIUM] CWE-119 CVE-2012-3890: The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap m
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.
nvd
CVE-2002-1524P4HIGHCVSS 7.5v3.02003-04-02
CVE-2002-1524 [HIGH] CVE-2002-1524: Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execut
Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.
nvd
CVE-2002-2392P4MEDIUMCVSS 6.4v2.65v2.70+11 more2002-12-31
CVE-2002-2392 [MEDIUM] CVE-2002-2392: Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attack
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
nvd
CVE-2002-1176P4HIGHCVSS 7.5v2.812002-12-26
CVE-2002-1176 [HIGH] CVE-2002-1176: Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist I
Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.
nvd
CVE-2002-0546P4HIGHCVSS 7.5v2.78v2.792002-07-03
CVE-2002-0546 [HIGH] CVE-2002-0546: Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attack
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
nvd
CVE-2008-3567P4MEDIUMCVSS 4.3≤ 5.54v2.0+70 more2008-08-10
CVE-2008-3567 [MEDIUM] CWE-79 CVE-2008-3567: Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 a
Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.
nvd
CVE-2004-2384P4MEDIUMCVSS 5.0v5.022004-12-31
CVE-2004-2384 [MEDIUM] CVE-2004-2384: NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file
NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line.
nvd
CVE-2010-4374P4MEDIUMCVSS 4.3≤ 5.581v0.20a+55 more2010-12-02
CVE-2010-4374 [MEDIUM] CWE-399 CVE-2010-4374: The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (applica
The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length.
nvd
CVE-2010-4373P4MEDIUMCVSS 4.3≤ 5.581v0.20a+55 more2010-12-02
CVE-2010-4373 [MEDIUM] CVE-2010-4373: The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (applica
The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file.
nvd
CVE-2007-4392P4MEDIUMCVSS 4.3v5.352007-08-17
CVE-2007-4392 [MEDIUM] CVE-2007-4392: Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and applica
Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself.
nvd
CVE-2003-1274P4MEDIUMCVSS 5.0v3.02003-12-31
CVE-2003-1274 [MEDIUM] CVE-2003-1274: Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: a
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.
nvd
CVE-2004-1396P4LOWCVSS 2.6v5.072004-12-31
CVE-2004-1396 [LOW] CVE-2004-1396: Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (appli
Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.
nvd
CVE-2002-2412P4LOWCVSS 2.1v2.802002-12-31
CVE-2002-2412 [LOW] CWE-255 CVE-2002-2412: Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] s
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
nvd
CVE-2003-1273P4LOWCVSS 2.1v3.02003-12-31
CVE-2003-1273 [LOW] CVE-2003-1273: Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playl
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters.
nvd