All the vulnerabilites related to raphael_assenat - libmikmod
cve-2010-2971
Vulnerability from cvelistv5
Published
2010-08-04 21:00
Modified
2024-08-07 02:55
Severity ?
Summary
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
References
http://www.mandriva.com/security/advisories?name=MDVSA-2010:151vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/48244third-party-advisory, x_refsource_SECUNIA
http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227x_refsource_MISC
http://security.gentoo.org/glsa/glsa-201203-10.xmlvendor-advisory, x_refsource_GENTOO
https://bugzilla.redhat.com/show_bug.cgi?id=614643x_refsource_CONFIRM
http://www.debian.org/security/2010/dsa-2081vendor-advisory, x_refsource_DEBIAN
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:45.497Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2010:151",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
          },
          {
            "name": "48244",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48244"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
          },
          {
            "name": "GLSA-201203-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
          },
          {
            "name": "DSA-2081",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2081"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546.  NOTE: this issue exists because of an incomplete fix for CVE-2009-3995."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T18:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDVSA-2010:151",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
        },
        {
          "name": "48244",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48244"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
        },
        {
          "name": "GLSA-201203-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
        },
        {
          "name": "DSA-2081",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2081"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2971",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546.  NOTE: this issue exists because of an incomplete fix for CVE-2009-3995."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2010:151",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
            },
            {
              "name": "48244",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48244"
            },
            {
              "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227",
              "refsource": "MISC",
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
            },
            {
              "name": "GLSA-201203-10",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=614643",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
            },
            {
              "name": "DSA-2081",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-2081"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2971",
    "datePublished": "2010-08-04T21:00:00",
    "dateReserved": "2010-08-04T00:00:00",
    "dateUpdated": "2024-08-07T02:55:45.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3995
Vulnerability from cvelistv5
Published
2009-12-18 18:00
Modified
2024-08-07 06:45
Severity ?
Summary
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
References
http://www.mandriva.com/security/advisories?name=MDVSA-2010:151vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/secunia_research/2009-53/x_refsource_MISC
http://secunia.com/secunia_research/2009-52/x_refsource_MISC
http://forums.winamp.com/showthread.php?threadid=315355x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/1107vdb-entry, x_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/37374vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2010/1957vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/37495third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/3575vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/508527/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/40799third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/508526/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/secunia_research/2009-55/x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:51.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2010:151",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-53/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-52/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=315355"
          },
          {
            "name": "ADV-2010-1107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1107"
          },
          {
            "name": "SUSE-SR:2010:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
          },
          {
            "name": "37374",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37374"
          },
          {
            "name": "ADV-2010-1957",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1957"
          },
          {
            "name": "37495",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37495"
          },
          {
            "name": "ADV-2009-3575",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3575"
          },
          {
            "name": "20091217 Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508527/100/0/threaded"
          },
          {
            "name": "40799",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40799"
          },
          {
            "name": "20091217 Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508526/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-55/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "MDVSA-2010:151",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-53/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-52/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=315355"
        },
        {
          "name": "ADV-2010-1107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1107"
        },
        {
          "name": "SUSE-SR:2010:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
        },
        {
          "name": "37374",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37374"
        },
        {
          "name": "ADV-2010-1957",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1957"
        },
        {
          "name": "37495",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37495"
        },
        {
          "name": "ADV-2009-3575",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3575"
        },
        {
          "name": "20091217 Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508527/100/0/threaded"
        },
        {
          "name": "40799",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40799"
        },
        {
          "name": "20091217 Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508526/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-55/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2009-3995",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2010:151",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-53/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-53/"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-52/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-52/"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=315355",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=315355"
            },
            {
              "name": "ADV-2010-1107",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1107"
            },
            {
              "name": "SUSE-SR:2010:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
            },
            {
              "name": "37374",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37374"
            },
            {
              "name": "ADV-2010-1957",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1957"
            },
            {
              "name": "37495",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37495"
            },
            {
              "name": "ADV-2009-3575",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3575"
            },
            {
              "name": "20091217 Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508527/100/0/threaded"
            },
            {
              "name": "40799",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40799"
            },
            {
              "name": "20091217 Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508526/100/0/threaded"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-55/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-55/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2009-3995",
    "datePublished": "2009-12-18T18:00:00",
    "dateReserved": "2009-11-19T00:00:00",
    "dateUpdated": "2024-08-07T06:45:51.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2546
Vulnerability from cvelistv5
Published
2010-08-04 21:00
Modified
2024-08-07 02:39
Severity ?
Summary
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
References
http://www.mandriva.com/security/advisories?name=MDVSA-2010:151vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/bid/41917vdb-entry, x_refsource_BID
http://secunia.com/advisories/48244third-party-advisory, x_refsource_SECUNIA
http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227x_refsource_MISC
http://security.gentoo.org/glsa/glsa-201203-10.xmlvendor-advisory, x_refsource_GENTOO
http://www.vupen.com/english/advisories/2010/1957vdb-entry, x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=614643x_refsource_CONFIRM
http://secunia.com/advisories/40799third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2010/dsa-2081vendor-advisory, x_refsource_DEBIAN
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:36.652Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2010:151",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
          },
          {
            "name": "41917",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/41917"
          },
          {
            "name": "48244",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48244"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
          },
          {
            "name": "GLSA-201203-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
          },
          {
            "name": "ADV-2010-1957",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1957"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
          },
          {
            "name": "40799",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40799"
          },
          {
            "name": "DSA-2081",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2081"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope.  NOTE: some of these details are obtained from third party information.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T18:57:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDVSA-2010:151",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
        },
        {
          "name": "41917",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/41917"
        },
        {
          "name": "48244",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48244"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
        },
        {
          "name": "GLSA-201203-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
        },
        {
          "name": "ADV-2010-1957",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1957"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
        },
        {
          "name": "40799",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40799"
        },
        {
          "name": "DSA-2081",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2081"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2546",
    "datePublished": "2010-08-04T21:00:00",
    "dateReserved": "2010-06-30T00:00:00",
    "dateUpdated": "2024-08-07T02:39:36.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3996
Vulnerability from cvelistv5
Published
2009-12-18 19:00
Modified
2024-08-07 06:45
Severity ?
Summary
Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.
References
http://www.mandriva.com/security/advisories?name=MDVSA-2010:151vendor-advisory, x_refsource_MANDRIVA
http://forums.winamp.com/showthread.php?threadid=315355x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/1107vdb-entry, x_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/37374vdb-entry, x_refsource_BID
http://secunia.com/advisories/37495third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/3575vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/508528/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/secunia_research/2009-56/x_refsource_MISC
http://secunia.com/secunia_research/2009-55/x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:51.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2010:151",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=315355"
          },
          {
            "name": "ADV-2010-1107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1107"
          },
          {
            "name": "SUSE-SR:2010:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
          },
          {
            "name": "37374",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37374"
          },
          {
            "name": "37495",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37495"
          },
          {
            "name": "ADV-2009-3575",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3575"
          },
          {
            "name": "20091217 Secunia Research: Winamp Ultratracker File Parsing Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508528/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-56/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-55/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "MDVSA-2010:151",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=315355"
        },
        {
          "name": "ADV-2010-1107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1107"
        },
        {
          "name": "SUSE-SR:2010:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
        },
        {
          "name": "37374",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37374"
        },
        {
          "name": "37495",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37495"
        },
        {
          "name": "ADV-2009-3575",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3575"
        },
        {
          "name": "20091217 Secunia Research: Winamp Ultratracker File Parsing Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508528/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-56/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-55/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2009-3996",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2010:151",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=315355",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=315355"
            },
            {
              "name": "ADV-2010-1107",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1107"
            },
            {
              "name": "SUSE-SR:2010:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
            },
            {
              "name": "37374",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37374"
            },
            {
              "name": "37495",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37495"
            },
            {
              "name": "ADV-2009-3575",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3575"
            },
            {
              "name": "20091217 Secunia Research: Winamp Ultratracker File Parsing Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508528/100/0/threaded"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-56/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-56/"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-55/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-55/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2009-3996",
    "datePublished": "2009-12-18T19:00:00",
    "dateReserved": "2009-11-19T00:00:00",
    "dateUpdated": "2024-08-07T06:45:51.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2010-08-05 13:22
Modified
2024-11-21 01:16
Severity ?
Summary
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.
References
secalert@redhat.comhttp://secunia.com/advisories/40799Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/48244
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-201203-10.xml
secalert@redhat.comhttp://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227
secalert@redhat.comhttp://www.debian.org/security/2010/dsa-2081
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:151
secalert@redhat.comhttp://www.securityfocus.com/bid/41917
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1957Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=614643
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40799Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48244
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201203-10.xml
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2081
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/41917
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1957Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=614643
Impacted products
Vendor Product Version
raphael_assenat libmikmod 3.1.12


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:raphael_assenat:libmikmod:3.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EB33FA6-1F1A-4255-B468-19036B180C29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope.  NOTE: some of these details are obtained from third party information.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en loaders/load_it.c de libmikmod, posiblemente v3.1.12,puede permitir a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de (1) ejemplos manipulados o (2) definiciones de instrumentos manipulados en un fichero Impulse Tracker, relacionados con panpts, pitpts, and IT_ProcessEnvelope. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de CVE-2009-3995."
    }
  ],
  "id": "CVE-2010-2546",
  "lastModified": "2024-11-21T01:16:52.823",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-05T13:22:29.497",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40799"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48244"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2081"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/41917"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1957"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/41917"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-08-05 13:22
Modified
2024-11-21 01:17
Severity ?
Summary
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
References
cve@mitre.orghttp://secunia.com/advisories/48244
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-201203-10.xml
cve@mitre.orghttp://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227
cve@mitre.orghttp://www.debian.org/security/2010/dsa-2081
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2010:151
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=614643
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48244
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201203-10.xml
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2081
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=614643
Impacted products
Vendor Product Version
raphael_assenat libmikmod 3.1.12


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:raphael_assenat:libmikmod:3.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EB33FA6-1F1A-4255-B468-19036B180C29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546.  NOTE: this issue exists because of an incomplete fix for CVE-2009-3995."
    },
    {
      "lang": "es",
      "value": "oaders/load_it.c en libmikmod, posiblemente v3.1.12, no considera adecuadamente los tama\u00f1os grandes de name##env en relaci\u00f3n con name##tick y name##node, lo cual permite a atacantes remotos disparar una sobre-lectura de b\u00fafer y posiblemente tener otros impactos no especificados a trav\u00e9s de ficheros Impulse Tracker manipulados, relacionado con el comportamiento de CVE-2010-2546. OTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de CVE-2009-3995."
    }
  ],
  "id": "CVE-2010-2971",
  "lastModified": "2024-11-21T01:17:45.653",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-05T13:22:29.997",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/48244"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2010/dsa-2081"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3033086\u0026group_id=40531\u0026atid=428227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-18 18:30
Modified
2024-11-21 01:08
Severity ?
Summary
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
References
PSIRT-CNA@flexerasoftware.comhttp://forums.winamp.com/showthread.php?threadid=315355
PSIRT-CNA@flexerasoftware.comhttp://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/37495Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/40799Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2009-52/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2009-53/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2009-55/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:151
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/archive/1/508526/100/0/threaded
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/archive/1/508527/100/0/threaded
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/bid/37374
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2009/3575Patch, Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2010/1107Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2010/1957Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://forums.winamp.com/showthread.php?threadid=315355
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37495Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40799Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2009-52/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2009-53/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2009-55/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/508526/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/508527/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37374
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3575Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1107Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1957Vendor Advisory
Impacted products
Vendor Product Version
nullsoft winamp *
nullsoft winamp 0.20a
nullsoft winamp 0.92
nullsoft winamp 1.006
nullsoft winamp 1.90
nullsoft winamp 2.0
nullsoft winamp 2.4
nullsoft winamp 2.5e
nullsoft winamp 2.6
nullsoft winamp 2.6x
nullsoft winamp 2.7x
nullsoft winamp 2.9
nullsoft winamp 2.10
nullsoft winamp 2.24
nullsoft winamp 2.50
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.61
nullsoft winamp 2.61
nullsoft winamp 2.62
nullsoft winamp 2.62
nullsoft winamp 2.64
nullsoft winamp 2.64
nullsoft winamp 2.65
nullsoft winamp 2.70
nullsoft winamp 2.70
nullsoft winamp 2.71
nullsoft winamp 2.72
nullsoft winamp 2.73
nullsoft winamp 2.73
nullsoft winamp 2.74
nullsoft winamp 2.75
nullsoft winamp 2.76
nullsoft winamp 2.77
nullsoft winamp 2.78
nullsoft winamp 2.79
nullsoft winamp 2.80
nullsoft winamp 2.81
nullsoft winamp 2.90
nullsoft winamp 2.91
nullsoft winamp 2.92
nullsoft winamp 2.95
nullsoft winamp 3.0
nullsoft winamp 3.1
nullsoft winamp 5.0
nullsoft winamp 5.0.1
nullsoft winamp 5.0.2
nullsoft winamp 5.01
nullsoft winamp 5.1
nullsoft winamp 5.1
nullsoft winamp 5.02
nullsoft winamp 5.2
nullsoft winamp 5.3
nullsoft winamp 5.03
nullsoft winamp 5.03a
nullsoft winamp 5.04
nullsoft winamp 5.05
nullsoft winamp 5.5
nullsoft winamp 5.06
nullsoft winamp 5.07
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08c
nullsoft winamp 5.08d
nullsoft winamp 5.08e
nullsoft winamp 5.09
nullsoft winamp 5.11
nullsoft winamp 5.12
nullsoft winamp 5.13
nullsoft winamp 5.21
nullsoft winamp 5.22
nullsoft winamp 5.23
nullsoft winamp 5.24
nullsoft winamp 5.31
nullsoft winamp 5.32
nullsoft winamp 5.33
nullsoft winamp 5.34
nullsoft winamp 5.35
nullsoft winamp 5.36
nullsoft winamp 5.51
nullsoft winamp 5.52
nullsoft winamp 5.53
nullsoft winamp 5.54
nullsoft winamp 5.55
nullsoft winamp 5.091
nullsoft winamp 5.093
nullsoft winamp 5.094
nullsoft winamp 5.111
nullsoft winamp 5.112
nullsoft winamp 5.531
nullsoft winamp 5.541
nullsoft winamp 5.551
nullsoft winamp 5.552
raphael_assenat libmikmod 3.1.12


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B0A6CA-7418-459E-A1F8-E107651D46A1",
              "versionEndIncluding": "5.56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2787A5F-5B74-4691-A2AD-BA5038D14784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5217B6-B543-4F2C-89DF-CE986AE0BADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3DB21-0E4F-409E-A60B-CBFFD71BBB1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F7F13A-D45B-4AA9-9CD3-D4E285791E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EA0F31-8818-434C-9965-78764D00F148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C999742-75BD-463F-865F-93662B17330F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDFC131-873D-4564-B342-569DF45F31F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*",
              "matchCriteriaId": "30C29FDB-A37E-4126-BE1B-DB32F38DC75F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*",
              "matchCriteriaId": "E7254BFD-8301-4E99-AB73-7D1D9E7939FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEBD661-3253-47CC-91D9-B8F8E1211014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*",
              "matchCriteriaId": "27826A30-3E5C-4B7D-B86B-8B0A68D2F944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45D7DD1-AFF9-441D-ABF1-A62FA0A9E05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*",
              "matchCriteriaId": "665C2A54-AF79-4315-BFEF-FA44E015B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AE4866-33D1-4596-BA42-E70ABD0CDC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0DB02A8B-71ED-4FBF-9D01-D16F1351E702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D708182-E39F-44E4-9C67-52A85ACBA43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "053A71B1-EF83-4750-ACCD-7ABEFF593BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*",
              "matchCriteriaId": "F07CC71D-A616-483B-ABCB-AA6DDCE3531F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5286A1-C8ED-4783-9278-D30D9B1C588A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3513F3C2-CDD6-461C-985E-E06151AEA804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6CB5C4-0FEC-4F85-B874-E06229265457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*",
              "matchCriteriaId": "C700DFBF-9B22-4633-947C-840CF01423C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6E478F-D058-482B-B027-605B7A769900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D8698A-B1AE-4041-9055-B6690F671E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CC66AF-0CB8-4E15-98A3-4704CB2AD78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E36F70C-F578-425E-A97F-1BD196F7F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F260E7-5145-4FDC-9759-67EA27CEFC5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD15C7B-64FF-42CF-ABD7-8973DDE89FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F898DA-A260-4A81-8E94-DE85154B88DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4510C850-49A0-4082-81CF-333829FE8639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8A3244-F6FF-4865-BCAD-EAF784AE93DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF39A44-528E-4BE8-A923-FFB53C2378F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8C02C8-508A-4A6C-8911-12FB9B183C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:c:*:*:*:*:*:*",
              "matchCriteriaId": "5785692F-D8FA-4D49-8872-CB8B2F173557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:d:*:*:*:*:*:*",
              "matchCriteriaId": "A6E85C52-1974-4F83-89AE-BB29FC897E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:e:*:*:*:*:*:*",
              "matchCriteriaId": "CB082F8B-A052-4D82-9D73-2BB35FBA19F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E954F-6A04-442A-B93E-CDD2ABEB357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:raphael_assenat:libmikmod:3.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EB33FA6-1F1A-4255-B468-19036B180C29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n heap de la memoria en la biblioteca IN_MOD. DLL (tambi\u00e9n se conoce como el Plug-in Module Decoder) en Winamp anterior a versi\u00f3n 5.57, y libmikmod versi\u00f3n 3.1.12, podr\u00eda permitir a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de (1) muestras especialmente dise\u00f1adas o (2) definiciones de instrumento dise\u00f1adas en un archivo Impulse Tracker. NOTA: algunos de estos datos fueron obtenidos de la informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2009-3995",
  "lastModified": "2024-11-21T01:08:41.653",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-18T18:30:00.217",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://forums.winamp.com/showthread.php?threadid=315355"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37495"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40799"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-52/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-53/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-55/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/508526/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/508527/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/37374"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3575"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?threadid=315355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-52/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-53/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-55/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508526/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508527/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1957"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-18 19:30
Modified
2024-11-21 01:08
Severity ?
Summary
Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.
References
PSIRT-CNA@flexerasoftware.comhttp://forums.winamp.com/showthread.php?threadid=315355Patch
PSIRT-CNA@flexerasoftware.comhttp://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/37495Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2009-55/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2009-56/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:151
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/archive/1/508528/100/0/threaded
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/bid/37374
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2009/3575Patch, Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2010/1107Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://forums.winamp.com/showthread.php?threadid=315355Patch
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37495Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2009-55/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2009-56/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/508528/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37374
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3575Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1107Vendor Advisory
Impacted products
Vendor Product Version
nullsoft winamp *
nullsoft winamp 0.20a
nullsoft winamp 0.92
nullsoft winamp 1.006
nullsoft winamp 1.90
nullsoft winamp 2.0
nullsoft winamp 2.4
nullsoft winamp 2.5e
nullsoft winamp 2.6
nullsoft winamp 2.6x
nullsoft winamp 2.7x
nullsoft winamp 2.9
nullsoft winamp 2.10
nullsoft winamp 2.24
nullsoft winamp 2.50
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.61
nullsoft winamp 2.61
nullsoft winamp 2.62
nullsoft winamp 2.62
nullsoft winamp 2.64
nullsoft winamp 2.64
nullsoft winamp 2.65
nullsoft winamp 2.70
nullsoft winamp 2.70
nullsoft winamp 2.71
nullsoft winamp 2.72
nullsoft winamp 2.73
nullsoft winamp 2.73
nullsoft winamp 2.74
nullsoft winamp 2.75
nullsoft winamp 2.76
nullsoft winamp 2.77
nullsoft winamp 2.78
nullsoft winamp 2.79
nullsoft winamp 2.80
nullsoft winamp 2.81
nullsoft winamp 2.90
nullsoft winamp 2.91
nullsoft winamp 2.92
nullsoft winamp 2.95
nullsoft winamp 3.0
nullsoft winamp 3.1
nullsoft winamp 5.0
nullsoft winamp 5.0.1
nullsoft winamp 5.0.2
nullsoft winamp 5.01
nullsoft winamp 5.1
nullsoft winamp 5.1
nullsoft winamp 5.02
nullsoft winamp 5.2
nullsoft winamp 5.3
nullsoft winamp 5.03
nullsoft winamp 5.03a
nullsoft winamp 5.04
nullsoft winamp 5.05
nullsoft winamp 5.5
nullsoft winamp 5.06
nullsoft winamp 5.07
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08c
nullsoft winamp 5.08d
nullsoft winamp 5.08e
nullsoft winamp 5.09
nullsoft winamp 5.11
nullsoft winamp 5.12
nullsoft winamp 5.13
nullsoft winamp 5.21
nullsoft winamp 5.22
nullsoft winamp 5.23
nullsoft winamp 5.24
nullsoft winamp 5.31
nullsoft winamp 5.32
nullsoft winamp 5.33
nullsoft winamp 5.34
nullsoft winamp 5.35
nullsoft winamp 5.36
nullsoft winamp 5.51
nullsoft winamp 5.52
nullsoft winamp 5.53
nullsoft winamp 5.54
nullsoft winamp 5.55
nullsoft winamp 5.091
nullsoft winamp 5.093
nullsoft winamp 5.094
nullsoft winamp 5.111
nullsoft winamp 5.112
nullsoft winamp 5.531
nullsoft winamp 5.541
nullsoft winamp 5.551
nullsoft winamp 5.552
raphael_assenat libmikmod 3.1.12


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B0A6CA-7418-459E-A1F8-E107651D46A1",
              "versionEndIncluding": "5.56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2787A5F-5B74-4691-A2AD-BA5038D14784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5217B6-B543-4F2C-89DF-CE986AE0BADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3DB21-0E4F-409E-A60B-CBFFD71BBB1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F7F13A-D45B-4AA9-9CD3-D4E285791E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EA0F31-8818-434C-9965-78764D00F148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C999742-75BD-463F-865F-93662B17330F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDFC131-873D-4564-B342-569DF45F31F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*",
              "matchCriteriaId": "30C29FDB-A37E-4126-BE1B-DB32F38DC75F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*",
              "matchCriteriaId": "E7254BFD-8301-4E99-AB73-7D1D9E7939FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEBD661-3253-47CC-91D9-B8F8E1211014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*",
              "matchCriteriaId": "27826A30-3E5C-4B7D-B86B-8B0A68D2F944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45D7DD1-AFF9-441D-ABF1-A62FA0A9E05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*",
              "matchCriteriaId": "665C2A54-AF79-4315-BFEF-FA44E015B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AE4866-33D1-4596-BA42-E70ABD0CDC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0DB02A8B-71ED-4FBF-9D01-D16F1351E702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D708182-E39F-44E4-9C67-52A85ACBA43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "053A71B1-EF83-4750-ACCD-7ABEFF593BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*",
              "matchCriteriaId": "F07CC71D-A616-483B-ABCB-AA6DDCE3531F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5286A1-C8ED-4783-9278-D30D9B1C588A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3513F3C2-CDD6-461C-985E-E06151AEA804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6CB5C4-0FEC-4F85-B874-E06229265457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*",
              "matchCriteriaId": "C700DFBF-9B22-4633-947C-840CF01423C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6E478F-D058-482B-B027-605B7A769900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D8698A-B1AE-4041-9055-B6690F671E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CC66AF-0CB8-4E15-98A3-4704CB2AD78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E36F70C-F578-425E-A97F-1BD196F7F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F260E7-5145-4FDC-9759-67EA27CEFC5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD15C7B-64FF-42CF-ABD7-8973DDE89FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F898DA-A260-4A81-8E94-DE85154B88DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4510C850-49A0-4082-81CF-333829FE8639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8A3244-F6FF-4865-BCAD-EAF784AE93DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF39A44-528E-4BE8-A923-FFB53C2378F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8C02C8-508A-4A6C-8911-12FB9B183C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:c:*:*:*:*:*:*",
              "matchCriteriaId": "5785692F-D8FA-4D49-8872-CB8B2F173557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:d:*:*:*:*:*:*",
              "matchCriteriaId": "A6E85C52-1974-4F83-89AE-BB29FC897E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:e:*:*:*:*:*:*",
              "matchCriteriaId": "CB082F8B-A052-4D82-9D73-2BB35FBA19F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E954F-6A04-442A-B93E-CDD2ABEB357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:raphael_assenat:libmikmod:3.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EB33FA6-1F1A-4255-B468-19036B180C29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en la biblioteca IN_MOD. DLL (tambi\u00e9n se conoce como el Plug-in Module Decoder) en Winamp anterior a versi\u00f3n 5.57, y libmikmod versi\u00f3n 3.1.12, podr\u00eda permitir a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo Ultratracker."
    }
  ],
  "id": "CVE-2009-3996",
  "lastModified": "2024-11-21T01:08:41.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-18T19:30:00.530",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?threadid=315355"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37495"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-55/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-56/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/508528/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/37374"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3575"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?threadid=315355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-55/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-56/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508528/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}