Vendor
Nullsoft
Nullsoft, Inc. was an American software house founded in Sedona, Arizona in 1997 by programmer Justin Frankel. Its products included the Winamp media player and the SHOUTcast MP3 streaming media server.
Founded 1997
Products
3
CVEs
72
Across products
1,677
Status
Private
Products
3- 1,628 CVEs
- 47 CVEs
- 2 CVEs
Recent CVEs
72| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2006-0476 | 0.10 | — | 0.89 | Jan 31, 2006 | Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). | ||
| CVE-2004-1373 | 0.10 | — | 0.87 | Dec 23, 2004 | Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file. | ||
| CVE-2009-1831 | 0.09 | — | 0.81 | May 29, 2009 | The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow. | ||
| CVE-2006-5567 | 0.07 | — | 0.47 | Oct 27, 2006 | Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags. | ||
| CVE-2004-1119 | 0.07 | — | 0.55 | Jan 10, 2005 | Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file. | ||
| CVE-2013-4694 | 0.06 | — | 0.41 | Apr 16, 2014 | Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk. | ||
| CVE-2002-2195 | 0.05 | — | 0.21 | Dec 31, 2002 | Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response. | ||
| CVE-2014-3442 | 0.04 | — | 0.17 | May 23, 2014 | Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s. | ||
| CVE-2010-4371 | 0.04 | — | 0.06 | Dec 2, 2010 | Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box. | ||
| CVE-2009-0263 | 0.04 | — | 0.18 | Jan 23, 2009 | Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file. | ||
| CVE-2007-2498 | 0.04 | — | 0.09 | May 4, 2007 | libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information. | ||
| CVE-2007-2180 | 0.04 | — | 0.09 | Apr 24, 2007 | Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file. | ||
| CVE-2006-3228 | 0.04 | — | 0.09 | Jun 26, 2006 | Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file. | ||
| CVE-2006-0720 | 0.04 | — | 0.14 | Feb 23, 2006 | Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. | ||
| CVE-2005-2310 | 0.04 | — | 0.08 | Jul 19, 2005 | Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE. | ||
| CVE-2004-1150 | 0.04 | — | 0.07 | Dec 31, 2004 | Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file. | ||
| CVE-2002-0907 | 0.04 | — | 0.15 | Oct 4, 2002 | Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-". | ||
| CVE-2000-0624 | 0.04 | — | 0.06 | Jul 20, 2000 | Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist. | ||
| CVE-2010-3137 | 0.03 | — | 0.04 | Aug 26, 2010 | Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file. | ||
| CVE-2007-1229 | 0.03 | — | 0.04 | Mar 2, 2007 | Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file. |