CVE-2009-4356 : Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before

Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.

Published 2009-12-18 19:30:01

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2009-4356

Nullsoft » Winamp
Versions up to, including, (<=) 5.56
cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.0
cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.10
cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.7x
cpe:2.3:a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.6x
cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.77
cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.78
cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.79
cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.81
cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 3.0
cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.60 Lite Edition
cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.61 Full Edition
cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.62 Standard Edition
cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.80
cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.65
cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.70 Full Edition
cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.76
cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.71
cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.72
cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.73
cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.73 Full Edition
cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.74
cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.64 Standard Edition
cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.70
cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.75
cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 3.1
cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.91
cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.4
cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.50
cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.03
cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.04
cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.5e
cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.60 Full Edition
cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.01
cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.02
cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.24
cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.64
cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.06
cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.05
cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.07
cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.0
cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.08c
cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.0.1
cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.0.2
cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.03a
cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.09
cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.091
cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.094
cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.12
cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.08d
cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.08e
cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.13
cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.093
cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.11
cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.95
cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.90
cpe:2.3:a:nullsoft:winamp:2.90:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.2
cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.1
cpe:2.3:a:nullsoft:winamp:5.1:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.21
cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.24
cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.3
cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.33
cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.34
cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.32
cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.22
cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.23
cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.31
cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.35
cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.53
cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.62
cpe:2.3:a:nullsoft:winamp:2.62:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.08
cpe:2.3:a:nullsoft:winamp:5.08:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.111
cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.36
cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.5
cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.112
cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.51
cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.52
cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.60
cpe:2.3:a:nullsoft:winamp:2.60:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.61
cpe:2.3:a:nullsoft:winamp:2.61:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.541
cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.55
cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.08 Update E
cpe:2.3:a:nullsoft:winamp:5.08:e:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.08 Update D
cpe:2.3:a:nullsoft:winamp:5.08:d:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.08 Update C
cpe:2.3:a:nullsoft:winamp:5.08:c:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.54
cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.552
cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.551
cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.531
cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.92
cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.9
cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 5.1 Surround Edition
cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 1.006
cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 1.90
cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 2.6
cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 0.20a
cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*
Matching versions
Nullsoft » Winamp » Version: 0.92
cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-4356

EPSS FAQ

5.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-4356

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-4356

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-4356

http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php

Exploit;Vendor Advisory
http://www.vupen.com/english/advisories/2009/3576

Vendor Advisory
http://forums.winamp.com/showthread.php?threadid=315355

Just a moment...
Patch

CVEs referencing this url
http://www.securityfocus.com/archive/1/508532/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743
http://www.securityfocus.com/bid/37387

Jump to

Vulnerability Details : CVE-2009-4356

Products affected by CVE-2009-4356

Exploit prediction scoring system (EPSS) score for CVE-2009-4356

CVSS scores for CVE-2009-4356

CWE ids for CVE-2009-4356

References for CVE-2009-4356