Unrated severityNVD Advisory· Published Jul 19, 2005· Updated Apr 16, 2026

CVE-2005-2310

Description

Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.

Affected products

Nullsoft/Winamp4 versions
cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*range: <=5.093
- cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.lss.hr/index.phpnvdExploitVendor Advisory
securitytracker.com/idnvdExploit
secunia.com/advisories/16077nvdVendor Advisory
www.osvdb.org/17897nvd
www.securityfocus.com/bid/14276nvd
www.vupen.com/english/advisories/2005/1106nvd
www.winamp.com/player/version_history.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000