Winamp
by Nullsoft
CVEs (62)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2000-0624 | 0.03 | — | 0.04 | Jul 20, 2000 | Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist. | |||
| CVE-2000-0049 | 0.03 | — | 0.02 | Jan 4, 2000 | Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file. | |||
| CVE-2009-3996 | 0.01 | — | 0.06 | Dec 18, 2009 | Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file. | |||
| CVE-2009-3995 | 0.01 | — | 0.07 | Dec 18, 2009 | Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. … | |||
| CVE-2009-1791 | 0.01 | — | 0.07 | May 26, 2009 | Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an… | |||
| CVE-2009-1788 | 0.01 | — | 0.08 | May 26, 2009 | Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an… | |||
| CVE-2007-4619 | 0.01 | — | 0.07 | Oct 12, 2007 | Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a… | |||
| CVE-2006-0708 | 0.01 | — | 0.07 | Feb 15, 2006 | Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long… | |||
| CVE-2005-3188 | 0.01 | — | 0.07 | Dec 31, 2005 | Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476. | |||
| CVE-2012-4045 | 0.00 | — | 0.03 | Jul 22, 2012 | Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file. | |||
| CVE-2012-3890 | 0.00 | — | 0.02 | Jul 11, 2012 | The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file. | |||
| CVE-2012-3889 | 0.00 | — | 0.02 | Jul 11, 2012 | The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file. | |||
| CVE-2011-4857 | 0.00 | — | 0.05 | Dec 16, 2011 | Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information. | |||
| CVE-2011-3834 | 0.00 | — | 0.05 | Dec 16, 2011 | Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow. | |||
| CVE-2010-4374 | 0.00 | — | 0.02 | Dec 2, 2010 | The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length. | |||
| CVE-2010-4373 | 0.00 | — | 0.02 | Dec 2, 2010 | The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file. | |||
| CVE-2010-4372 | 0.00 | — | 0.03 | Dec 2, 2010 | Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586. | |||
| CVE-2010-4370 | 0.00 | — | 0.05 | Dec 2, 2010 | Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow. | |||
| CVE-2010-2586 | 0.00 | — | 0.06 | Dec 2, 2010 | Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow. | |||
| CVE-2010-1523 | 0.00 | — | 0.05 | Nov 6, 2010 | Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream. |
- CVE-2000-0624Jul 20, 2000risk 0.03cvss —epss 0.04
Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.
- CVE-2000-0049Jan 4, 2000risk 0.03cvss —epss 0.02
Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.
- CVE-2009-3996Dec 18, 2009risk 0.01cvss —epss 0.06
Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.
- CVE-2009-3995Dec 18, 2009risk 0.01cvss —epss 0.07
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. …
- CVE-2009-1791May 26, 2009risk 0.01cvss —epss 0.07
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an…
- CVE-2009-1788May 26, 2009risk 0.01cvss —epss 0.08
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an…
- CVE-2007-4619Oct 12, 2007risk 0.01cvss —epss 0.07
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a…
- CVE-2006-0708Feb 15, 2006risk 0.01cvss —epss 0.07
Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long…
- CVE-2005-3188Dec 31, 2005risk 0.01cvss —epss 0.07
Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476.
- CVE-2012-4045Jul 22, 2012risk 0.00cvss —epss 0.03
Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file.
- CVE-2012-3890Jul 11, 2012risk 0.00cvss —epss 0.02
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.
- CVE-2012-3889Jul 11, 2012risk 0.00cvss —epss 0.02
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.
- CVE-2011-4857Dec 16, 2011risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information.
- CVE-2011-3834Dec 16, 2011risk 0.00cvss —epss 0.05
Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.
- CVE-2010-4374Dec 2, 2010risk 0.00cvss —epss 0.02
The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length.
- CVE-2010-4373Dec 2, 2010risk 0.00cvss —epss 0.02
The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file.
- CVE-2010-4372Dec 2, 2010risk 0.00cvss —epss 0.03
Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586.
- CVE-2010-4370Dec 2, 2010risk 0.00cvss —epss 0.05
Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow.
- CVE-2010-2586Dec 2, 2010risk 0.00cvss —epss 0.06
Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow.
- CVE-2010-1523Nov 6, 2010risk 0.00cvss —epss 0.05
Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.
Page 2 of 4