Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.
Max CVSS
4.3
EPSS Score
2.08%
Published
2014-05-23
Updated
2017-08-29
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.
Max CVSS
7.5
EPSS Score
19.08%
Published
2014-04-16
Updated
2017-08-29
Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file.
Max CVSS
7.5
EPSS Score
4.99%
Published
2012-07-22
Updated
2017-09-19
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.
Max CVSS
6.8
EPSS Score
0.54%
Published
2012-07-11
Updated
2017-09-19
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.
Max CVSS
6.8
EPSS Score
0.54%
Published
2012-07-11
Updated
2017-09-19
Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
4.99%
Published
2011-12-16
Updated
2017-09-19
Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
32.72%
Published
2011-12-16
Updated
2017-09-19
Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586.
Max CVSS
9.3
EPSS Score
0.77%
Published
2010-12-02
Updated
2017-09-19
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
Max CVSS
9.3
EPSS Score
1.64%
Published
2010-12-02
Updated
2017-09-19
Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow.
Max CVSS
9.3
EPSS Score
10.35%
Published
2010-12-02
Updated
2018-10-10
Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
10.85%
Published
2010-12-02
Updated
2018-10-10
Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.
Max CVSS
9.3
EPSS Score
6.56%
Published
2010-11-06
Updated
2018-10-10
Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
9.08%
Published
2009-12-18
Updated
2018-10-10
Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.
Max CVSS
9.3
EPSS Score
19.02%
Published
2009-12-18
Updated
2018-10-10
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
19.73%
Published
2009-12-18
Updated
2018-10-10
CVE-2009-1831
Public exploit
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
Max CVSS
9.3
EPSS Score
95.32%
Published
2009-05-29
Updated
2017-09-29
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.
Max CVSS
10.0
EPSS Score
90.84%
Published
2009-01-23
Updated
2017-10-19
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
51.46%
Published
2007-10-12
Updated
2017-09-29
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
Max CVSS
9.3
EPSS Score
93.96%
Published
2005-07-19
Updated
2011-03-08
19 vulnerabilities found