Winamp
by Winamp
CVEs (50)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-6547 | 0.00 | — | 0.03 | Dec 14, 2006 | Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod Plugin (ml_ipod) 2.00 p19 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long tag in an audible.com audiobook (aa) file. | |||
| CVE-2004-1396 | 0.00 | — | 0.03 | Dec 31, 2004 | Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file. | |||
| CVE-2003-1273 | 0.00 | — | 0.01 | Dec 31, 2003 | Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters. | |||
| CVE-2003-1272 | 0.00 | — | 0.04 | Dec 31, 2003 | Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter. | |||
| CVE-2003-1274 | 0.00 | — | 0.01 | Dec 31, 2003 | Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux. | |||
| CVE-2002-1524 | 0.00 | — | 0.04 | Apr 2, 2003 | Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag. | |||
| CVE-2002-2392 | 0.00 | — | 0.03 | Dec 31, 2002 | Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code. | |||
| CVE-2002-1177 | 0.00 | — | 0.03 | Dec 26, 2002 | Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag. | |||
| CVE-2002-0547 | 0.00 | — | 0.03 | Jul 3, 2002 | Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag. | |||
| CVE-2002-0284 | 0.00 | — | 0.01 | May 31, 2002 | Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname. |
- CVE-2006-6547Dec 14, 2006risk 0.00cvss —epss 0.03
Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod Plugin (ml_ipod) 2.00 p19 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long tag in an audible.com audiobook (aa) file.
- CVE-2004-1396Dec 31, 2004risk 0.00cvss —epss 0.03
Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.
- CVE-2003-1273Dec 31, 2003risk 0.00cvss —epss 0.01
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters.
- CVE-2003-1272Dec 31, 2003risk 0.00cvss —epss 0.04
Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.
- CVE-2003-1274Dec 31, 2003risk 0.00cvss —epss 0.01
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.
- CVE-2002-1524Apr 2, 2003risk 0.00cvss —epss 0.04
Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.
- CVE-2002-2392Dec 31, 2002risk 0.00cvss —epss 0.03
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
- CVE-2002-1177Dec 26, 2002risk 0.00cvss —epss 0.03
Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.
- CVE-2002-0547Jul 3, 2002risk 0.00cvss —epss 0.03
Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.
- CVE-2002-0284May 31, 2002risk 0.00cvss —epss 0.01
Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.
Page 3 of 3