All the vulnerabilites related to nullsoft - winamp
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
Impacted products
Vendor Product Version
nullsoft winamp 2.78
nullsoft winamp 2.79



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en la zona de navegaci\u00f3n de Winamp 2.78 y 2.79 permite a atacantes remotos la ejecuci\u00f3n de c\u00f3digo mediante etiquetas ID3v1 o ID3v2 en un fichero MP3."
    }
  ],
  "id": "CVE-2002-0546",
  "lastModified": "2024-11-20T23:39:20.293",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-07-03T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/8753.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/4414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/8753.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/4414"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-02-23 21:02
Modified
2024-11-21 00:07
Severity ?
Summary
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.
Impacted products
Vendor Product Version
nullsoft winamp 5.12
nullsoft winamp 5.13



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file."
    }
  ],
  "id": "CVE-2006-0720",
  "lastModified": "2024-11-21T00:07:10.987",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-02-23T21:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://forums.winamp.com/showthread.php?threadid=238648"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/476"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015675"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.nsfocus.com/english/homepage/research/0601.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/425888/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/16785"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?threadid=238648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015675"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.nsfocus.com/english/homepage/research/0601.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/425888/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/16785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24740"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-18 19:30
Modified
2024-11-21 01:09
Severity ?
Summary
Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.
Impacted products
Vendor Product Version
nullsoft winamp *
nullsoft winamp 0.20a
nullsoft winamp 0.92
nullsoft winamp 1.006
nullsoft winamp 1.90
nullsoft winamp 2.0
nullsoft winamp 2.4
nullsoft winamp 2.5e
nullsoft winamp 2.6
nullsoft winamp 2.6x
nullsoft winamp 2.7x
nullsoft winamp 2.9
nullsoft winamp 2.10
nullsoft winamp 2.24
nullsoft winamp 2.50
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.61
nullsoft winamp 2.61
nullsoft winamp 2.62
nullsoft winamp 2.62
nullsoft winamp 2.64
nullsoft winamp 2.64
nullsoft winamp 2.65
nullsoft winamp 2.70
nullsoft winamp 2.70
nullsoft winamp 2.71
nullsoft winamp 2.72
nullsoft winamp 2.73
nullsoft winamp 2.73
nullsoft winamp 2.74
nullsoft winamp 2.75
nullsoft winamp 2.76
nullsoft winamp 2.77
nullsoft winamp 2.78
nullsoft winamp 2.79
nullsoft winamp 2.80
nullsoft winamp 2.81
nullsoft winamp 2.90
nullsoft winamp 2.91
nullsoft winamp 2.92
nullsoft winamp 2.95
nullsoft winamp 3.0
nullsoft winamp 3.1
nullsoft winamp 5.0
nullsoft winamp 5.0.1
nullsoft winamp 5.0.2
nullsoft winamp 5.01
nullsoft winamp 5.1
nullsoft winamp 5.1
nullsoft winamp 5.02
nullsoft winamp 5.2
nullsoft winamp 5.3
nullsoft winamp 5.03
nullsoft winamp 5.03a
nullsoft winamp 5.04
nullsoft winamp 5.05
nullsoft winamp 5.5
nullsoft winamp 5.06
nullsoft winamp 5.07
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08c
nullsoft winamp 5.08d
nullsoft winamp 5.08e
nullsoft winamp 5.09
nullsoft winamp 5.11
nullsoft winamp 5.12
nullsoft winamp 5.13
nullsoft winamp 5.21
nullsoft winamp 5.22
nullsoft winamp 5.23
nullsoft winamp 5.24
nullsoft winamp 5.31
nullsoft winamp 5.32
nullsoft winamp 5.33
nullsoft winamp 5.34
nullsoft winamp 5.35
nullsoft winamp 5.36
nullsoft winamp 5.51
nullsoft winamp 5.52
nullsoft winamp 5.53
nullsoft winamp 5.54
nullsoft winamp 5.55
nullsoft winamp 5.091
nullsoft winamp 5.093
nullsoft winamp 5.094
nullsoft winamp 5.111
nullsoft winamp 5.112
nullsoft winamp 5.531
nullsoft winamp 5.541
nullsoft winamp 5.551
nullsoft winamp 5.552



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B0A6CA-7418-459E-A1F8-E107651D46A1",
              "versionEndIncluding": "5.56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2787A5F-5B74-4691-A2AD-BA5038D14784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5217B6-B543-4F2C-89DF-CE986AE0BADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3DB21-0E4F-409E-A60B-CBFFD71BBB1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F7F13A-D45B-4AA9-9CD3-D4E285791E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EA0F31-8818-434C-9965-78764D00F148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C999742-75BD-463F-865F-93662B17330F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDFC131-873D-4564-B342-569DF45F31F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*",
              "matchCriteriaId": "30C29FDB-A37E-4126-BE1B-DB32F38DC75F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*",
              "matchCriteriaId": "E7254BFD-8301-4E99-AB73-7D1D9E7939FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEBD661-3253-47CC-91D9-B8F8E1211014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*",
              "matchCriteriaId": "27826A30-3E5C-4B7D-B86B-8B0A68D2F944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45D7DD1-AFF9-441D-ABF1-A62FA0A9E05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*",
              "matchCriteriaId": "665C2A54-AF79-4315-BFEF-FA44E015B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AE4866-33D1-4596-BA42-E70ABD0CDC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0DB02A8B-71ED-4FBF-9D01-D16F1351E702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D708182-E39F-44E4-9C67-52A85ACBA43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "053A71B1-EF83-4750-ACCD-7ABEFF593BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*",
              "matchCriteriaId": "F07CC71D-A616-483B-ABCB-AA6DDCE3531F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5286A1-C8ED-4783-9278-D30D9B1C588A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3513F3C2-CDD6-461C-985E-E06151AEA804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6CB5C4-0FEC-4F85-B874-E06229265457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*",
              "matchCriteriaId": "C700DFBF-9B22-4633-947C-840CF01423C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6E478F-D058-482B-B027-605B7A769900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D8698A-B1AE-4041-9055-B6690F671E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CC66AF-0CB8-4E15-98A3-4704CB2AD78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E36F70C-F578-425E-A97F-1BD196F7F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F260E7-5145-4FDC-9759-67EA27CEFC5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD15C7B-64FF-42CF-ABD7-8973DDE89FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F898DA-A260-4A81-8E94-DE85154B88DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4510C850-49A0-4082-81CF-333829FE8639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8A3244-F6FF-4865-BCAD-EAF784AE93DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF39A44-528E-4BE8-A923-FFB53C2378F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8C02C8-508A-4A6C-8911-12FB9B183C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:c:*:*:*:*:*:*",
              "matchCriteriaId": "5785692F-D8FA-4D49-8872-CB8B2F173557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:d:*:*:*:*:*:*",
              "matchCriteriaId": "A6E85C52-1974-4F83-89AE-BB29FC897E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:e:*:*:*:*:*:*",
              "matchCriteriaId": "CB082F8B-A052-4D82-9D73-2BB35FBA19F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E954F-6A04-442A-B93E-CDD2ABEB357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de entero en la los filtros jpeg.w5s y png.w5s de Winamp v5.57 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos  (1) JPEG o (2) PNG mal formados en un archivo MP3."
    }
  ],
  "id": "CVE-2009-4356",
  "lastModified": "2024-11-21T01:09:26.330",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-18T19:30:00.577",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?threadid=315355"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/508532/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37387"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3576"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?threadid=315355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508532/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-04-24 17:19
Modified
2024-11-21 00:30
Severity ?
Summary
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
Impacted products
Vendor Product Version
nullsoft winamp 5.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Nullsoft Winamp 5.3 permite a atacantes con la intervenci\u00f3n del usuario provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de ficheros WMV.\r\n"
    }
  ],
  "id": "CVE-2007-2180",
  "lastModified": "2024-11-21T00:30:06.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-04-24T17:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2601"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/466291/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/23568"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33764"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15697"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/3768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/466291/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/23568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33764"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/3768"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-12-16 19:55
Modified
2024-11-21 01:31
Severity ?
Summary
Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7C8DF0F-15D3-46EE-8665-D7FADF42A362",
              "versionEndIncluding": "5.622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "202377E4-E8A7-494B-B0A1-DAED56E34401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB36DD4-0F68-4A47-80D3-F326169BC2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23370CB-AA61-4C6A-A742-1DC2050926A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B4B254-A4B1-4B3D-9FD6-5E0C4C3E7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D58D69A-8179-400C-8118-866FB1729DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.581:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C841E22-820E-40F6-864D-ED4485180F7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de entero en el componente in_avi.dll de Winamp en versiones anteriores de 5.623. Permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo AVI con un valor modificado de (1) el n\u00famero de streams o (2) el tama\u00f1o de los conjuntos (\"chunk\") RIFF INFO, provocando un desbordamiento de memoria din\u00e1mica."
    }
  ],
  "id": "CVE-2011-3834",
  "lastModified": "2024-11-21T01:31:22.433",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-12-16T19:55:00.923",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://forums.winamp.com/showthread.php?t=332010"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46882"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2011-81/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?t=332010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2011-81/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14981"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-10-12 21:17
Modified
2024-11-21 00:36
Severity ?
Summary
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
References
cve@mitre.orghttp://bugzilla.redhat.com/show_bug.cgi?id=331991
cve@mitre.orghttp://flac.sourceforge.net/changelog.html#flac_1_2_1Patch
cve@mitre.orghttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
cve@mitre.orghttp://secunia.com/advisories/27210
cve@mitre.orghttp://secunia.com/advisories/27223
cve@mitre.orghttp://secunia.com/advisories/27355
cve@mitre.orghttp://secunia.com/advisories/27399
cve@mitre.orghttp://secunia.com/advisories/27507
cve@mitre.orghttp://secunia.com/advisories/27601
cve@mitre.orghttp://secunia.com/advisories/27625
cve@mitre.orghttp://secunia.com/advisories/27628
cve@mitre.orghttp://secunia.com/advisories/27780
cve@mitre.orghttp://secunia.com/advisories/27878
cve@mitre.orghttp://secunia.com/advisories/28548
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200711-15.xml
cve@mitre.orghttp://securitytracker.com/id?1018815
cve@mitre.orghttp://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243
cve@mitre.orghttp://www.debian.org/security/2008/dsa-1469
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2007:214
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-0975.html
cve@mitre.orghttp://www.securityfocus.com/bid/26042Patch
cve@mitre.orghttp://www.ubuntu.com/usn/usn-540-1
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3483
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3484
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/4061
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=332571
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/37187
cve@mitre.orghttps://issues.rpath.com/browse/RPL-1873
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html
af854a3a-2127-422b-91ae-364da2661108http://bugzilla.redhat.com/show_bug.cgi?id=331991
af854a3a-2127-422b-91ae-364da2661108http://flac.sourceforge.net/changelog.html#flac_1_2_1Patch
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27210
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27223
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27355
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27399
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27507
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27601
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27625
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27628
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27780
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27878
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28548
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200711-15.xml
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1018815
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1469
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:214
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0975.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26042Patch
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-540-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3483
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3484
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/4061
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=332571
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/37187
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1873
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html
Impacted products
Vendor Product Version
flac libflac *
nullsoft winamp *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:flac:libflac:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D389BAA-4D7C-4126-8D3D-9C8286BDBB45",
              "versionEndIncluding": "1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "366727E0-07BA-4D81-8EB2-7B291722C558",
              "versionEndIncluding": "5.35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de entero en Free Lossless Audio Codec (FLAC) libFLAC versiones anteriores a 1.2.1, como se usan Winamp versiones anteriores a 5.5 y otros productos, permiten a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero FLAC malformado que dispara una ubicaci\u00f3n de memoria inapropiada, resultando en un desbordamiento de b\u00fafer basado en mont\u00edculo."
    }
  ],
  "id": "CVE-2007-4619",
  "lastModified": "2024-11-21T00:36:02.093",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-10-12T21:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27210"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27223"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27355"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27399"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27507"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27601"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27625"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27628"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27780"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27878"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28548"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1018815"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1469"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26042"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-540-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3483"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3484"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4061"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1873"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-540-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.
Impacted products
Vendor Product Version
nullsoft winamp 2.91
nullsoft winamp 3.0
nullsoft winamp 3.1
nullsoft winamp 5.0.1
nullsoft winamp 5.0.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F898DA-A260-4A81-8E94-DE85154B88DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4510C850-49A0-4082-81CF-333829FE8639",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file."
    }
  ],
  "id": "CVE-2004-1896",
  "lastModified": "2024-11-20T23:52:00.113",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=108118289208693\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/11285"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1009660"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.nextgenss.com/advisories/winampheap.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/4944"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10045"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=108118289208693\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/11285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1009660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.nextgenss.com/advisories/winampheap.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/4944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15727"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-12-02 16:22
Modified
2024-11-21 01:20
Severity ?
Summary
Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7D704-AF80-4CB2-8B1B-7F9A08F07507",
              "versionEndIncluding": "5.581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB36DD4-0F68-4A47-80D3-F326169BC2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B4B254-A4B1-4B3D-9FD6-5E0C4C3E7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D58D69A-8179-400C-8118-866FB1729DD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos enteros en el plugin in_midi en Winamp anterior a versi\u00f3n 5.6, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo MIDI especialmente dise\u00f1ado que desencadena un desbordamiento de b\u00fafer."
    }
  ],
  "id": "CVE-2010-4370",
  "lastModified": "2024-11-21T01:20:48.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-12-02T16:22:21.943",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://forums.winamp.com/showthread.php?t=324322"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://forums.winamp.com/showthread.php?threadid=159785"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42004"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/515388/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?t=324322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?threadid=159785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/515388/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11841"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.
Impacted products
Vendor Product Version
nullsoft winamp 5.0
nullsoft winamp 5.01
nullsoft winamp 5.02
nullsoft winamp 5.03
nullsoft winamp 5.04
nullsoft winamp 5.05
nullsoft winamp 5.06
nullsoft winamp 5.07
nullsoft winamp 5.08c



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file."
    }
  ],
  "id": "CVE-2004-1150",
  "lastModified": "2024-11-20T23:50:13.400",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=110684140108614\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/13781"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.nsfocus.com/english/homepage/research/0501.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/12381"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.winamp.com/player/version_history.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18840"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=110684140108614\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/13781"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.nsfocus.com/english/homepage/research/0501.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/12381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.winamp.com/player/version_history.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18840"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-07-22 17:55
Modified
2024-11-21 01:42
Severity ?
Summary
Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file.
Impacted products
Vendor Product Version
nullsoft winamp *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EFEBF8-7740-4AEF-BE59-59FD6AEF6215",
              "versionEndIncluding": "5.63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de bufer basado en bmp.w5s en Winamp v5.63 anterior a build 3235, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la porci\u00f3n (1) STRF en BI_RGB o (2) los datos de v\u00eddeo UYVY en un archivo AVI, o (3) descomprime TechSmith captura de Pantalla Codec (TSCC) de datos en un archivo AVI."
    }
  ],
  "id": "CVE-2012-4045",
  "lastModified": "2024-11-21T01:42:06.413",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-22T17:55:03.337",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://forums.winamp.com/showthread.php?t=345684"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46624"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/54131"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15335"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?t=345684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15335"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-04-02 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.
Impacted products
Vendor Product Version
nullsoft winamp 3.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el procesador de XML en wsabi.dll de Winamp 3 (1.0.0.488) permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un fichero de piel (skin) .wal con una etiqueta de incluir fichero larga."
    }
  ],
  "id": "CVE-2002-1524",
  "lastModified": "2024-11-20T23:41:30.537",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-04-02T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0346.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10228.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/5832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0346.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10228.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/5832"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-05-26 17:30
Modified
2024-11-21 01:03
Severity ?
Summary
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.
References
cve@mitre.orghttp://secunia.com/advisories/35076Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/35247
cve@mitre.orghttp://secunia.com/advisories/35443
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200905-09.xml
cve@mitre.orghttp://www.debian.org/security/2009/dsa-1814
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2009:132
cve@mitre.orghttp://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/Patch, Vendor Advisory
cve@mitre.orghttp://www.mega-nerd.com/libsndfile/Patch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/34978Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/1324Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/50541
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35076Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35247
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35443
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200905-09.xml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1814
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:132
af854a3a-2127-422b-91ae-364da2661108http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mega-nerd.com/libsndfile/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34978Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1324Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/50541
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "570D85F0-F757-488A-A059-54BF0810F1E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28BC682-E6B1-4A63-9734-FDB6019B9AE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8823A84B-4694-4838-A877-AE66400B26BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C2B0D1-AE8A-4978-85B0-C5E0ABE89E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "759BBF60-8964-4590-A5EB-F21EB4049E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en aiff_read_header en libsndfile desde v1.0.15 hasta v1.0.19, como se utiliza en Winamp v5.552 y posiblemente otros programas multimedia, permite a atacantes remotos producir una denegaci\u00f3n (ca\u00edda de aplicaci\u00f3n) y posiblemente la ejecuci\u00f3n de c\u00f3digo de modo arbitrario a trav\u00e9s de un fichero AIFF con un valor de cabecera no valido."
    }
  ],
  "id": "CVE-2009-1791",
  "lastModified": "2024-11-21T01:03:22.290",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-05-26T17:30:02.063",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35076"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35247"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35443"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1814"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.mega-nerd.com/libsndfile/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34978"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1324"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.mega-nerd.com/libsndfile/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-03-05 02:30
Modified
2024-11-21 00:59
Severity ?
Summary
Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
References
PSIRT-CNA@flexerasoftware.comhttp://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/33980Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/33981Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/34316
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/34526
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/34642
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/34791
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2009-7/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2009-8/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://security.gentoo.org/glsa/glsa-200904-16.xml
PSIRT-CNA@flexerasoftware.comhttp://www.debian.org/security/2009/dsa-1742
PSIRT-CNA@flexerasoftware.comhttp://www.mega-nerd.com/libsndfile/NEWS
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/archive/1/501399/100/0/threaded
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/archive/1/501413/100/0/threaded
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/bid/33963
PSIRT-CNA@flexerasoftware.comhttp://www.securitytracker.com/id?1021784
PSIRT-CNA@flexerasoftware.comhttp://www.ubuntu.com/usn/USN-749-1
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2009/0584Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2009/0585Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/49038
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33980Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33981Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34316
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34526
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34642
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34791
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2009-7/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2009-8/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200904-16.xml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1742
af854a3a-2127-422b-91ae-364da2661108http://www.mega-nerd.com/libsndfile/NEWS
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/501399/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/501413/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/33963
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021784
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-749-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0584Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0585Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/49038



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30C97108-A0D5-41AE-9D66-548A679ECD91",
              "versionEndIncluding": "1.0.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3B1750-4CC0-44EA-A029-B42B8D341191",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:0.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "98620203-42FE-4C3F-AD03-CC477712A38A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CD8A661-B9F9-46C0-AFE0-F4B0ADE25CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3FE94C03-86CE-4FF7-B2A2-3BC3D6F18810",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "22C7A5B0-6D12-46D3-8474-133C936D4788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "93CC8970-3901-46B7-9BBA-323F0B600A38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA68E7AA-BD78-4AA8-A09C-61DDF3AD7B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "73D48F80-6625-49CC-816F-C71EAB6C3FC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30F54A9-501A-48C4-98DF-36A58CC0EC74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A89E2CE-793A-4040-A611-759CC060FEEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A4D8112-A8A3-4803-BB37-93956770FDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F96730-512A-4B12-B365-2E7DFC5D401D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "01ADE6F4-21F6-4CA1-BA9C-B7A73173981D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "263665FB-C27E-4BA4-A41C-90DB0286A58B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A37DA09-D58A-4B3B-86D7-6447CF11B869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0080125E-B49E-4A39-8CEB-A309D8F35074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A03E3DF-F506-4476-BB3B-7ACE69717632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD0D6ED-4C26-4278-929D-CC874B4A974E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "860DAC59-7CB7-4FCA-9198-B2E0E2C313D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "570D85F0-F757-488A-A059-54BF0810F1E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28BC682-E6B1-4A63-9734-FDB6019B9AE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8823A84B-4694-4838-A877-AE66400B26BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en libsndfile v1,0,18, usado en Winamp y otros productos, permite a atacantes dependientes de contexto la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un trozo de descripci\u00f3n manipulada en un archivo de audio CAF, permitiendo  un desbordamiento de b\u00fafer basado en mont\u00edculo."
    }
  ],
  "id": "CVE-2009-0186",
  "lastModified": "2024-11-21T00:59:18.527",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-03-05T02:30:00.280",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33980"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33981"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/34316"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/34526"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/34642"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/34791"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-7/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-8/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://security.gentoo.org/glsa/glsa-200904-16.xml"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.debian.org/security/2009/dsa-1742"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.mega-nerd.com/libsndfile/NEWS"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/501399/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/501413/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/33963"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securitytracker.com/id?1021784"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.ubuntu.com/usn/USN-749-1"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0584"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0585"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34526"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-7/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-8/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200904-16.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mega-nerd.com/libsndfile/NEWS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/501399/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/501413/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-749-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49038"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-18 18:30
Modified
2024-11-21 01:08
Severity ?
Summary
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
References
PSIRT-CNA@flexerasoftware.comhttp://forums.winamp.com/showthread.php?threadid=315355
PSIRT-CNA@flexerasoftware.comhttp://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/37495Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/40799Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2009-52/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2009-53/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2009-55/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:151
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/archive/1/508526/100/0/threaded
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/archive/1/508527/100/0/threaded
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/bid/37374
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2009/3575Patch, Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2010/1107Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2010/1957Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://forums.winamp.com/showthread.php?threadid=315355
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37495Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40799Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2009-52/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2009-53/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2009-55/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/508526/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/508527/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37374
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3575Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1107Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1957Vendor Advisory
Impacted products
Vendor Product Version
nullsoft winamp *
nullsoft winamp 0.20a
nullsoft winamp 0.92
nullsoft winamp 1.006
nullsoft winamp 1.90
nullsoft winamp 2.0
nullsoft winamp 2.4
nullsoft winamp 2.5e
nullsoft winamp 2.6
nullsoft winamp 2.6x
nullsoft winamp 2.7x
nullsoft winamp 2.9
nullsoft winamp 2.10
nullsoft winamp 2.24
nullsoft winamp 2.50
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.61
nullsoft winamp 2.61
nullsoft winamp 2.62
nullsoft winamp 2.62
nullsoft winamp 2.64
nullsoft winamp 2.64
nullsoft winamp 2.65
nullsoft winamp 2.70
nullsoft winamp 2.70
nullsoft winamp 2.71
nullsoft winamp 2.72
nullsoft winamp 2.73
nullsoft winamp 2.73
nullsoft winamp 2.74
nullsoft winamp 2.75
nullsoft winamp 2.76
nullsoft winamp 2.77
nullsoft winamp 2.78
nullsoft winamp 2.79
nullsoft winamp 2.80
nullsoft winamp 2.81
nullsoft winamp 2.90
nullsoft winamp 2.91
nullsoft winamp 2.92
nullsoft winamp 2.95
nullsoft winamp 3.0
nullsoft winamp 3.1
nullsoft winamp 5.0
nullsoft winamp 5.0.1
nullsoft winamp 5.0.2
nullsoft winamp 5.01
nullsoft winamp 5.1
nullsoft winamp 5.1
nullsoft winamp 5.02
nullsoft winamp 5.2
nullsoft winamp 5.3
nullsoft winamp 5.03
nullsoft winamp 5.03a
nullsoft winamp 5.04
nullsoft winamp 5.05
nullsoft winamp 5.5
nullsoft winamp 5.06
nullsoft winamp 5.07
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08c
nullsoft winamp 5.08d
nullsoft winamp 5.08e
nullsoft winamp 5.09
nullsoft winamp 5.11
nullsoft winamp 5.12
nullsoft winamp 5.13
nullsoft winamp 5.21
nullsoft winamp 5.22
nullsoft winamp 5.23
nullsoft winamp 5.24
nullsoft winamp 5.31
nullsoft winamp 5.32
nullsoft winamp 5.33
nullsoft winamp 5.34
nullsoft winamp 5.35
nullsoft winamp 5.36
nullsoft winamp 5.51
nullsoft winamp 5.52
nullsoft winamp 5.53
nullsoft winamp 5.54
nullsoft winamp 5.55
nullsoft winamp 5.091
nullsoft winamp 5.093
nullsoft winamp 5.094
nullsoft winamp 5.111
nullsoft winamp 5.112
nullsoft winamp 5.531
nullsoft winamp 5.541
nullsoft winamp 5.551
nullsoft winamp 5.552
raphael_assenat libmikmod 3.1.12



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B0A6CA-7418-459E-A1F8-E107651D46A1",
              "versionEndIncluding": "5.56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2787A5F-5B74-4691-A2AD-BA5038D14784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5217B6-B543-4F2C-89DF-CE986AE0BADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3DB21-0E4F-409E-A60B-CBFFD71BBB1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F7F13A-D45B-4AA9-9CD3-D4E285791E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EA0F31-8818-434C-9965-78764D00F148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C999742-75BD-463F-865F-93662B17330F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDFC131-873D-4564-B342-569DF45F31F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*",
              "matchCriteriaId": "30C29FDB-A37E-4126-BE1B-DB32F38DC75F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*",
              "matchCriteriaId": "E7254BFD-8301-4E99-AB73-7D1D9E7939FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEBD661-3253-47CC-91D9-B8F8E1211014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*",
              "matchCriteriaId": "27826A30-3E5C-4B7D-B86B-8B0A68D2F944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45D7DD1-AFF9-441D-ABF1-A62FA0A9E05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*",
              "matchCriteriaId": "665C2A54-AF79-4315-BFEF-FA44E015B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AE4866-33D1-4596-BA42-E70ABD0CDC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0DB02A8B-71ED-4FBF-9D01-D16F1351E702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D708182-E39F-44E4-9C67-52A85ACBA43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "053A71B1-EF83-4750-ACCD-7ABEFF593BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*",
              "matchCriteriaId": "F07CC71D-A616-483B-ABCB-AA6DDCE3531F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5286A1-C8ED-4783-9278-D30D9B1C588A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3513F3C2-CDD6-461C-985E-E06151AEA804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6CB5C4-0FEC-4F85-B874-E06229265457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*",
              "matchCriteriaId": "C700DFBF-9B22-4633-947C-840CF01423C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6E478F-D058-482B-B027-605B7A769900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D8698A-B1AE-4041-9055-B6690F671E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CC66AF-0CB8-4E15-98A3-4704CB2AD78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E36F70C-F578-425E-A97F-1BD196F7F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F260E7-5145-4FDC-9759-67EA27CEFC5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD15C7B-64FF-42CF-ABD7-8973DDE89FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F898DA-A260-4A81-8E94-DE85154B88DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4510C850-49A0-4082-81CF-333829FE8639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8A3244-F6FF-4865-BCAD-EAF784AE93DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF39A44-528E-4BE8-A923-FFB53C2378F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8C02C8-508A-4A6C-8911-12FB9B183C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:c:*:*:*:*:*:*",
              "matchCriteriaId": "5785692F-D8FA-4D49-8872-CB8B2F173557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:d:*:*:*:*:*:*",
              "matchCriteriaId": "A6E85C52-1974-4F83-89AE-BB29FC897E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:e:*:*:*:*:*:*",
              "matchCriteriaId": "CB082F8B-A052-4D82-9D73-2BB35FBA19F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E954F-6A04-442A-B93E-CDD2ABEB357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:raphael_assenat:libmikmod:3.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EB33FA6-1F1A-4255-B468-19036B180C29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n heap de la memoria en la biblioteca IN_MOD. DLL (tambi\u00e9n se conoce como el Plug-in Module Decoder) en Winamp anterior a versi\u00f3n 5.57, y libmikmod versi\u00f3n 3.1.12, podr\u00eda permitir a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de (1) muestras especialmente dise\u00f1adas o (2) definiciones de instrumento dise\u00f1adas en un archivo Impulse Tracker. NOTA: algunos de estos datos fueron obtenidos de la informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2009-3995",
  "lastModified": "2024-11-21T01:08:41.653",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-18T18:30:00.217",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://forums.winamp.com/showthread.php?threadid=315355"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37495"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40799"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-52/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-53/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-55/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/508526/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/508527/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/37374"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3575"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?threadid=315355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-52/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-53/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-55/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508526/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508527/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1957"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-05-31 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.
Impacted products
Vendor Product Version
nullsoft winamp 2.77
nullsoft winamp 2.78



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E36F70C-F578-425E-A97F-1BD196F7F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname."
    },
    {
      "lang": "es",
      "value": "Winamp 2.78 y 2.77, cuando abre un fichero wma (windows media audio) que necesita una licencia, env\u00eda la ruta completa del directorio de ficheros temporales de internet directamente a la p\u00e1gina web que procesa la licencia, lo que podr\u00eda permitir a servidores web maliciosos obtener la ruta."
    }
  ],
  "id": "CVE-2002-0284",
  "lastModified": "2024-11-20T23:38:43.813",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2002-05-31T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=101408781031527\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=101408781031527\u0026w=2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-07-11 10:26
Modified
2024-11-21 01:41
Severity ?
Summary
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF0D19B1-CBD0-426A-B818-6E47D74AC195",
              "versionEndIncluding": "5.623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E954F-6A04-442A-B93E-CDD2ABEB357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F68A5E59-389B-4308-9D41-D665680EEC52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:beta:*:*:*:*:*:*",
              "matchCriteriaId": "402F8767-1788-48BB-BCBE-E9E6B5F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:beta:*:*:*:*:*:*",
              "matchCriteriaId": "147C01F2-11E0-495A-916E-7C66D8CF4104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB36DD4-0F68-4A47-80D3-F326169BC2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23370CB-AA61-4C6A-A742-1DC2050926A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.59:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F779958C-39AA-4AE8-895B-0BC1FA5401E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE65516-EA95-4DAE-93F5-FE19FFD9F04D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D58D69A-8179-400C-8118-866FB1729DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.581:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C841E22-820E-40F6-864D-ED4485180F7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file."
    },
    {
      "lang": "es",
      "value": "El plug-in in_mod de Winamp antes de v5.63 permite a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente tener otro impacto no especificado a trav\u00e9s de un fichero .IT."
    }
  ],
  "id": "CVE-2012-3889",
  "lastModified": "2024-11-21T01:41:48.017",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-11T10:26:11.860",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?t=345684"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/46624"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/54131"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?t=345684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14748"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-10-27 16:07
Modified
2024-11-21 00:19
Severity ?
Summary
Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.
References
cve@mitre.orghttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=431Patch, Vendor Advisory
cve@mitre.orghttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=432Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22580Patch, Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1017119
cve@mitre.orghttp://securitytracker.com/id?1017120Patch
cve@mitre.orghttp://www.kb.cert.org/vuls/id/449092US Government Resource
cve@mitre.orghttp://www.securityfocus.com/bid/20744Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/4196
cve@mitre.orghttp://www.winamp.com/player/version_history.php#5.31
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/29804
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/29807
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15686
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=431Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=432Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22580Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017119
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017120Patch
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/449092US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/20744Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4196
af854a3a-2127-422b-91ae-364da2661108http://www.winamp.com/player/version_history.php#5.31
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/29804
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/29807
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15686
Impacted products
Vendor Product Version
nullsoft winamp 5.3
nullsoft winamp 5.24



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basado en mont\u00f3n en AOL Nullsoft WinAmp anterior a 5.31 permite a un atacante remoto con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cabecera manipulada (1)ultravox-max-msg a el manejador de protocolo Ultravox o (2) etiquetas no especificadas Lyrics3."
    }
  ],
  "evaluatorSolution": "Upgrade to 5.31",
  "id": "CVE-2006-5567",
  "lastModified": "2024-11-21T00:19:45.757",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-10-27T16:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=431"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=432"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22580"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017119"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017120"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/449092"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/20744"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4196"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.winamp.com/player/version_history.php#5.31"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29804"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29807"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1017120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/449092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/20744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.winamp.com/player/version_history.php#5.31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15686"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-23 14:55
Modified
2024-11-21 02:08
Severity ?
Summary
Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39B1A82E-E023-445B-AB23-C60F99CAD2EB",
              "versionEndIncluding": "5.666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E954F-6A04-442A-B93E-CDD2ABEB357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F68A5E59-389B-4308-9D41-D665680EEC52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:beta:*:*:*:*:*:*",
              "matchCriteriaId": "402F8767-1788-48BB-BCBE-E9E6B5F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:beta:*:*:*:*:*:*",
              "matchCriteriaId": "147C01F2-11E0-495A-916E-7C66D8CF4104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB36DD4-0F68-4A47-80D3-F326169BC2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23370CB-AA61-4C6A-A742-1DC2050926A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B4B254-A4B1-4B3D-9FD6-5E0C4C3E7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.59:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F779958C-39AA-4AE8-895B-0BC1FA5401E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE65516-EA95-4DAE-93F5-FE19FFD9F04D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F963C3-2D9B-41BC-8D80-15C1327880EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D58D69A-8179-400C-8118-866FB1729DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.581:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C841E22-820E-40F6-864D-ED4485180F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.623:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5CFCAE4-62A4-4447-BBB9-775DB8FAD662",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s."
    },
    {
      "lang": "es",
      "value": "Winamp 5.666 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda) a trav\u00e9s de un archivo .FLV malformado, relacionado con f263.w5s."
    }
  ],
  "id": "CVE-2014-3442",
  "lastModified": "2024-11-21T02:08:06.330",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-05-23T14:55:11.553",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/126636"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/67429"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/126636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/67429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93173"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-01-31 11:03
Modified
2024-11-21 00:06
Severity ?
Summary
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
References
cve@mitre.orghttp://secunia.com/advisories/18649Patch, Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/386
cve@mitre.orghttp://securityreason.com/securityalert/398
cve@mitre.orghttp://securitytracker.com/id?1015552
cve@mitre.orghttp://www.heise.de/newsticker/meldung/68981
cve@mitre.orghttp://www.kb.cert.org/vuls/id/604745US Government Resource
cve@mitre.orghttp://www.osvdb.org/22789
cve@mitre.orghttp://www.securityfocus.com/archive/1/423436/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/423548/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/16410
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA06-032A.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/0361
cve@mitre.orghttp://www.winamp.com/player/version_history.php
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/24361
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1402
cve@mitre.orghttps://www.exploit-db.com/exploits/3422
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18649Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/386
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/398
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015552
af854a3a-2127-422b-91ae-364da2661108http://www.heise.de/newsticker/meldung/68981
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/604745US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/22789
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/423436/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/423548/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/16410
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA06-032A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/0361
af854a3a-2127-422b-91ae-364da2661108http://www.winamp.com/player/version_history.php
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/24361
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1402
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/3422
Impacted products
Vendor Product Version
nullsoft winamp 5.12



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field)."
    }
  ],
  "id": "CVE-2006-0476",
  "lastModified": "2024-11-21T00:06:33.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-01-31T11:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18649"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/386"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/398"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015552"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.heise.de/newsticker/meldung/68981"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/604745"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/22789"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/423436/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/423548/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/16410"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-032A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/0361"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.winamp.com/player/version_history.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24361"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1402"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/3422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/18649"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.heise.de/newsticker/meldung/68981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/604745"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/22789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/423436/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/423548/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-032A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.winamp.com/player/version_history.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/3422"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-02-15 11:06
Modified
2024-11-21 00:07
Severity ?
Summary
Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.
References
cve@mitre.orghttp://forums.winamp.com/showthread.php?s=&threadid=238648
cve@mitre.orghttp://securityreason.com/securityalert/444
cve@mitre.orghttp://securityreason.com/securityalert/492
cve@mitre.orghttp://securitytracker.com/id?1015621Exploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/424903/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/16623
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/0613
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/24739
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/24740
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/24741
af854a3a-2127-422b-91ae-364da2661108http://forums.winamp.com/showthread.php?s=&threadid=238648
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/444
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/492
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015621Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/424903/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/16623
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/0613
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/24739
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/24740
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/24741
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476."
    }
  ],
  "id": "CVE-2006-0708",
  "lastModified": "2024-11-21T00:07:09.187",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-02-15T11:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://forums.winamp.com/showthread.php?s=\u0026threadid=238648"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/444"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/492"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1015621"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/424903/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/16623"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/0613"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24739"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24740"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?s=\u0026threadid=238648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/492"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1015621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/424903/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16623"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24739"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24741"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-04-10 23:19
Modified
2024-11-21 00:29
Severity ?
Summary
The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.
References
cve@mitre.orghttp://marc.info/?l=dailydave&m=117589949000906&w=2
cve@mitre.orghttp://marc.info/?l=dailydave&m=117590046601511&w=2
cve@mitre.orghttp://osvdb.org/34430
cve@mitre.orghttp://osvdb.org/34431
cve@mitre.orghttp://securityreason.com/securityalert/2532
cve@mitre.orghttp://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txtPatch, Vendor Advisory
cve@mitre.orghttp://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt
cve@mitre.orghttp://www.securityfocus.com/archive/1/464890/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/464893/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/23350
cve@mitre.orghttp://www.securitytracker.com/id?1017886
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/1286
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/33480
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=dailydave&m=117589949000906&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=dailydave&m=117590046601511&w=2
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/34430
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/34431
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/2532
af854a3a-2127-422b-91ae-364da2661108http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txtPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/464890/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/464893/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/23350
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1017886
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1286
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/33480
Impacted products
Vendor Product Version
nullsoft winamp 5.33



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption."
    },
    {
      "lang": "es",
      "value": "Los m\u00f3dulos Impulse Tracker (IT) y ScreamTracker 3 (S3M) en IN_MOD.DLL de AOL Nullsoft Winamp 5.33 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante ficheros artesanales (1) .IT o (2) .S3M que contienen valores de enteros que son usados como delimitadores (offsets) de memoria, lo cual provoca una corrupci\u00f3n de memoria."
    }
  ],
  "id": "CVE-2007-1922",
  "lastModified": "2024-11-21T00:29:28.330",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-10T23:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=dailydave\u0026m=117589949000906\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=dailydave\u0026m=117590046601511\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34430"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34431"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2532"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/464890/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/464893/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23350"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017886"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1286"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=dailydave\u0026m=117589949000906\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=dailydave\u0026m=117590046601511\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/464890/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/464893/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23350"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33480"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line.
Impacted products
Vendor Product Version
nullsoft winamp 5.02



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim\u0027s player to crash when the file is opened from the command line."
    }
  ],
  "id": "CVE-2004-2384",
  "lastModified": "2024-11-20T23:53:13.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/357986"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/358097"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/9920"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/357986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/358097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/9920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15541"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-12-02 16:22
Modified
2024-11-21 01:16
Severity ?
Summary
Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7D704-AF80-4CB2-8B1B-7F9A08F07507",
              "versionEndIncluding": "5.581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB36DD4-0F68-4A47-80D3-F326169BC2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B4B254-A4B1-4B3D-9FD6-5E0C4C3E7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D58D69A-8179-400C-8118-866FB1729DD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de entero en el plugin in_nsv en Winamp anterior a v5.6 permite a atacantes remotos tener un impacto no especificado trav\u00e9s tabla de contenidos (TOC) manipulada en un (1) flujo NSV o (2) fichero NSV provocando un desbordamiento de pila."
    }
  ],
  "id": "CVE-2010-2586",
  "lastModified": "2024-11-21T01:16:57.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-12-02T16:22:20.973",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://forums.winamp.com/showthread.php?t=324322"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://forums.winamp.com/showthread.php?threadid=159785"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42004"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2010-127/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/514962/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?t=324322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?threadid=159785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2010-127/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514962/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12587"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-08-28 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2787A5F-5B74-4691-A2AD-BA5038D14784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5217B6-B543-4F2C-89DF-CE986AE0BADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EA0F31-8818-434C-9965-78764D00F148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C999742-75BD-463F-865F-93662B17330F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*",
              "matchCriteriaId": "30C29FDB-A37E-4126-BE1B-DB32F38DC75F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*",
              "matchCriteriaId": "E7254BFD-8301-4E99-AB73-7D1D9E7939FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*",
              "matchCriteriaId": "27826A30-3E5C-4B7D-B86B-8B0A68D2F944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*",
              "matchCriteriaId": "665C2A54-AF79-4315-BFEF-FA44E015B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AE4866-33D1-4596-BA42-E70ABD0CDC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0DB02A8B-71ED-4FBF-9D01-D16F1351E702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D708182-E39F-44E4-9C67-52A85ACBA43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "053A71B1-EF83-4750-ACCD-7ABEFF593BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*",
              "matchCriteriaId": "F07CC71D-A616-483B-ABCB-AA6DDCE3531F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5286A1-C8ED-4783-9278-D30D9B1C588A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3513F3C2-CDD6-461C-985E-E06151AEA804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6CB5C4-0FEC-4F85-B874-E06229265457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*",
              "matchCriteriaId": "C700DFBF-9B22-4633-947C-840CF01423C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6E478F-D058-482B-B027-605B7A769900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D8698A-B1AE-4041-9055-B6690F671E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CC66AF-0CB8-4E15-98A3-4704CB2AD78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E36F70C-F578-425E-A97F-1BD196F7F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F260E7-5145-4FDC-9759-67EA27CEFC5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file."
    }
  ],
  "id": "CVE-2004-0820",
  "lastModified": "2024-11-20T23:49:29.363",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-08-28T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12381/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.auscert.org.au/render.html?it=4338"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.frsirt.com/exploits/08252004.skinhead.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12381/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.auscert.org.au/render.html?it=4338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.frsirt.com/exploits/08252004.skinhead.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17124"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-01-04 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.
Impacted products
Vendor Product Version
nullsoft winamp 2.0
nullsoft winamp 2.10



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file."
    }
  ],
  "id": "CVE-2000-0049",
  "lastModified": "2024-11-20T23:31:36.463",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-01-04T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/12022"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/925"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/12022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/925"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-08-10 20:41
Modified
2024-11-21 00:49
Severity ?
Summary
Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.
Impacted products
Vendor Product Version
nullsoft winamp *
nullsoft winamp 2.0
nullsoft winamp 2.4
nullsoft winamp 2.5e
nullsoft winamp 2.6x
nullsoft winamp 2.7x
nullsoft winamp 2.10
nullsoft winamp 2.24
nullsoft winamp 2.50
nullsoft winamp 2.60
nullsoft winamp 2.61
nullsoft winamp 2.62
nullsoft winamp 2.64
nullsoft winamp 2.65
nullsoft winamp 2.70
nullsoft winamp 2.71
nullsoft winamp 2.72
nullsoft winamp 2.73
nullsoft winamp 2.74
nullsoft winamp 2.75
nullsoft winamp 2.76
nullsoft winamp 2.77
nullsoft winamp 2.78
nullsoft winamp 2.79
nullsoft winamp 2.80
nullsoft winamp 2.81
nullsoft winamp 2.90
nullsoft winamp 2.91
nullsoft winamp 2.95
nullsoft winamp 3.0
nullsoft winamp 3.1
nullsoft winamp 5.0
nullsoft winamp 5.0.1
nullsoft winamp 5.0.2
nullsoft winamp 5.01
nullsoft winamp 5.1
nullsoft winamp 5.02
nullsoft winamp 5.2
nullsoft winamp 5.3
nullsoft winamp 5.03
nullsoft winamp 5.03a
nullsoft winamp 5.04
nullsoft winamp 5.05
nullsoft winamp 5.5
nullsoft winamp 5.06
nullsoft winamp 5.07
nullsoft winamp 5.08
nullsoft winamp 5.08c
nullsoft winamp 5.08d
nullsoft winamp 5.08e
nullsoft winamp 5.09
nullsoft winamp 5.11
nullsoft winamp 5.12
nullsoft winamp 5.13
nullsoft winamp 5.21
nullsoft winamp 5.22
nullsoft winamp 5.23
nullsoft winamp 5.24
nullsoft winamp 5.31
nullsoft winamp 5.32
nullsoft winamp 5.33
nullsoft winamp 5.34
nullsoft winamp 5.35
nullsoft winamp 5.36
nullsoft winamp 5.51
nullsoft winamp 5.52
nullsoft winamp 5.53
nullsoft winamp 5.091
nullsoft winamp 5.093
nullsoft winamp 5.094
nullsoft winamp 5.111
nullsoft winamp 5.112



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C7D4DC-6157-4F53-93D2-F8539B43F0B8",
              "versionEndIncluding": "5.54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2787A5F-5B74-4691-A2AD-BA5038D14784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5217B6-B543-4F2C-89DF-CE986AE0BADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3DB21-0E4F-409E-A60B-CBFFD71BBB1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F7F13A-D45B-4AA9-9CD3-D4E285791E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EA0F31-8818-434C-9965-78764D00F148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C999742-75BD-463F-865F-93662B17330F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDFC131-873D-4564-B342-569DF45F31F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEBD661-3253-47CC-91D9-B8F8E1211014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45D7DD1-AFF9-441D-ABF1-A62FA0A9E05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AE4866-33D1-4596-BA42-E70ABD0CDC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D708182-E39F-44E4-9C67-52A85ACBA43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "053A71B1-EF83-4750-ACCD-7ABEFF593BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5286A1-C8ED-4783-9278-D30D9B1C588A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3513F3C2-CDD6-461C-985E-E06151AEA804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6CB5C4-0FEC-4F85-B874-E06229265457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6E478F-D058-482B-B027-605B7A769900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D8698A-B1AE-4041-9055-B6690F671E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CC66AF-0CB8-4E15-98A3-4704CB2AD78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E36F70C-F578-425E-A97F-1BD196F7F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F260E7-5145-4FDC-9759-67EA27CEFC5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD15C7B-64FF-42CF-ABD7-8973DDE89FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F898DA-A260-4A81-8E94-DE85154B88DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4510C850-49A0-4082-81CF-333829FE8639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8A3244-F6FF-4865-BCAD-EAF784AE93DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF39A44-528E-4BE8-A923-FFB53C2378F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8C02C8-508A-4A6C-8911-12FB9B183C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E954F-6A04-442A-B93E-CDD2ABEB357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-zone scripting en la funci\u00f3n NowPlaying en NullSoft Winamp anterior a versi\u00f3n 5.541, permite a los atacantes remotos conducir ataques de tipo cross-site scripting (XSS) por medio de un archivo MP3 con JavaScript en etiquetas id3."
    }
  ],
  "id": "CVE-2008-3567",
  "lastModified": "2024-11-21T00:49:33.760",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-08-10T20:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.watchfire.com/wfblog/2008/09/winamp-nowplayi.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?threadid=295505"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31371"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/30539"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44207"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.watchfire.com/wfblog/2008/09/winamp-nowplayi.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?threadid=295505"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/30539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15716"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-08-17 22:17
Modified
2024-11-21 00:35
Severity ?
Summary
Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself.
Impacted products
Vendor Product Version
nullsoft winamp 5.35



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself."
    },
    {
      "lang": "es",
      "value": "Winamp 5.35 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desbordamiento de pila de programa y ca\u00edda de la aplicaci\u00f3n) mediante un archivo M3U que se incluye a s\u00ed mismo recursivamente."
    }
  ],
  "id": "CVE-2007-4392",
  "lastModified": "2024-11-21T00:35:28.973",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-17T22:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://morph3us.org/advisories/20070730-winamp-5.35.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3040"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/475161/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/475183/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/475260/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/475489/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://morph3us.org/advisories/20070730-winamp-5.35.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/475161/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/475183/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/475260/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/475489/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15504"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-12-26 05:00
Modified
2024-11-20 23:40
Severity ?
Summary
Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.
Impacted products
Vendor Product Version
nullsoft winamp 3.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en Winamp 3.0 cuando muestra un MP3 en la ventana de Libreria de Medios, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un fichero MP3 conteniendo una etiqueta ID3v2 de Artista o \u00c1lbum larga."
    }
  ],
  "id": "CVE-2002-1177",
  "lastModified": "2024-11-20T23:40:45.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-26T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104025874209567\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104025874209567\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6429"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters.
Impacted products
Vendor Product Version
nullsoft winamp 3.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters."
    }
  ],
  "id": "CVE-2003-1273",
  "lastModified": "2024-11-20T23:46:45.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6517"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10982"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-08-26 18:36
Modified
2024-11-21 01:18
Severity ?
Summary
Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.
Impacted products
Vendor Product Version
nullsoft winamp 5.581



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.581:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C841E22-820E-40F6-864D-ED4485180F7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Nullsoft Winamp v5.581 y probablemente en otras versiones, permiten a usuarios locales y posiblemente a atacantes remotos, ejecutar c\u00f3digo de su elecci\u00f3n y llevar a cabo ataques de secuestro de DLL a trav\u00e9s de un troyano wnaspi32.dll que se encuentra en la misma carpeta como un archivo .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf o .cda"
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426 - \u0027Untrusted Search Path Vulnerability\u0027",
  "id": "CVE-2010-3137",
  "lastModified": "2024-11-21T01:18:06.997",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-26T18:36:36.157",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/41093"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/14789"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6874"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/41093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/14789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6874"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-01-23 19:00
Modified
2024-11-21 00:59
Severity ?
Summary
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.
Impacted products
Vendor Product Version
nullsoft winamp *
nullsoft winamp 2.0
nullsoft winamp 2.4
nullsoft winamp 2.5e
nullsoft winamp 2.6x
nullsoft winamp 2.7x
nullsoft winamp 2.10
nullsoft winamp 2.24
nullsoft winamp 2.50
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.61
nullsoft winamp 2.61
nullsoft winamp 2.62
nullsoft winamp 2.62
nullsoft winamp 2.64
nullsoft winamp 2.64
nullsoft winamp 2.65
nullsoft winamp 2.70
nullsoft winamp 2.70
nullsoft winamp 2.71
nullsoft winamp 2.72
nullsoft winamp 2.73
nullsoft winamp 2.73
nullsoft winamp 2.74
nullsoft winamp 2.75
nullsoft winamp 2.76
nullsoft winamp 2.77
nullsoft winamp 2.78
nullsoft winamp 2.79
nullsoft winamp 2.80
nullsoft winamp 2.81
nullsoft winamp 2.90
nullsoft winamp 2.91
nullsoft winamp 2.95
nullsoft winamp 3.0
nullsoft winamp 3.1
nullsoft winamp 5.0
nullsoft winamp 5.0.1
nullsoft winamp 5.0.2
nullsoft winamp 5.01
nullsoft winamp 5.1
nullsoft winamp 5.02
nullsoft winamp 5.2
nullsoft winamp 5.3
nullsoft winamp 5.03
nullsoft winamp 5.03a
nullsoft winamp 5.04
nullsoft winamp 5.05
nullsoft winamp 5.5
nullsoft winamp 5.06
nullsoft winamp 5.07
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08c
nullsoft winamp 5.08d
nullsoft winamp 5.08e
nullsoft winamp 5.09
nullsoft winamp 5.11
nullsoft winamp 5.12
nullsoft winamp 5.13
nullsoft winamp 5.21
nullsoft winamp 5.22
nullsoft winamp 5.23
nullsoft winamp 5.24
nullsoft winamp 5.31
nullsoft winamp 5.32
nullsoft winamp 5.33
nullsoft winamp 5.34
nullsoft winamp 5.35
nullsoft winamp 5.36
nullsoft winamp 5.51
nullsoft winamp 5.52
nullsoft winamp 5.53
nullsoft winamp 5.54
nullsoft winamp 5.091
nullsoft winamp 5.093
nullsoft winamp 5.094
nullsoft winamp 5.111
nullsoft winamp 5.112



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9872304B-8AEB-4EF5-A0C8-73722CEE0368",
              "versionEndIncluding": "5.541",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2787A5F-5B74-4691-A2AD-BA5038D14784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5217B6-B543-4F2C-89DF-CE986AE0BADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3DB21-0E4F-409E-A60B-CBFFD71BBB1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F7F13A-D45B-4AA9-9CD3-D4E285791E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EA0F31-8818-434C-9965-78764D00F148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C999742-75BD-463F-865F-93662B17330F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDFC131-873D-4564-B342-569DF45F31F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*",
              "matchCriteriaId": "30C29FDB-A37E-4126-BE1B-DB32F38DC75F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*",
              "matchCriteriaId": "E7254BFD-8301-4E99-AB73-7D1D9E7939FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEBD661-3253-47CC-91D9-B8F8E1211014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*",
              "matchCriteriaId": "27826A30-3E5C-4B7D-B86B-8B0A68D2F944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45D7DD1-AFF9-441D-ABF1-A62FA0A9E05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*",
              "matchCriteriaId": "665C2A54-AF79-4315-BFEF-FA44E015B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AE4866-33D1-4596-BA42-E70ABD0CDC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0DB02A8B-71ED-4FBF-9D01-D16F1351E702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D708182-E39F-44E4-9C67-52A85ACBA43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "053A71B1-EF83-4750-ACCD-7ABEFF593BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*",
              "matchCriteriaId": "F07CC71D-A616-483B-ABCB-AA6DDCE3531F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5286A1-C8ED-4783-9278-D30D9B1C588A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3513F3C2-CDD6-461C-985E-E06151AEA804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6CB5C4-0FEC-4F85-B874-E06229265457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*",
              "matchCriteriaId": "C700DFBF-9B22-4633-947C-840CF01423C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6E478F-D058-482B-B027-605B7A769900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D8698A-B1AE-4041-9055-B6690F671E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CC66AF-0CB8-4E15-98A3-4704CB2AD78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E36F70C-F578-425E-A97F-1BD196F7F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F260E7-5145-4FDC-9759-67EA27CEFC5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD15C7B-64FF-42CF-ABD7-8973DDE89FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F898DA-A260-4A81-8E94-DE85154B88DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4510C850-49A0-4082-81CF-333829FE8639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8A3244-F6FF-4865-BCAD-EAF784AE93DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF39A44-528E-4BE8-A923-FFB53C2378F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8C02C8-508A-4A6C-8911-12FB9B183C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:c:*:*:*:*:*:*",
              "matchCriteriaId": "5785692F-D8FA-4D49-8872-CB8B2F173557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:d:*:*:*:*:*:*",
              "matchCriteriaId": "A6E85C52-1974-4F83-89AE-BB29FC897E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:e:*:*:*:*:*:*",
              "matchCriteriaId": "CB082F8B-A052-4D82-9D73-2BB35FBA19F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E954F-6A04-442A-B93E-CDD2ABEB357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en Winamp v5.541 y anteriores, permiten a atacantes remotos provocar una denegaci\u00f3n de servicio y posiblemente ejecuci\u00f3n c\u00f3digo de su eledcci\u00f3n a trav\u00e9s de (1) un valor de cabecera Common Chunk (COMM) largo en un fichero AIFF y (2) un valor inv\u00e1lido largo en un fichero MP3."
    }
  ],
  "id": "CVE-2009-0263",
  "lastModified": "2024-11-21T00:59:28.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-23T19:00:05.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33478"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33226"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/0113"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14756"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/7742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/7742"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-04-16 22:55
Modified
2024-11-21 01:56
Severity ?
Summary
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.
References
cve@mitre.orghttp://forums.winamp.com/showthread.php?t=364291Patch, Vendor Advisory
cve@mitre.orghttp://osvdb.org/94739
cve@mitre.orghttp://osvdb.org/94740
cve@mitre.orghttp://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.htmlExploit
cve@mitre.orghttp://packetstormsecurity.com/files/122978Exploit
cve@mitre.orghttp://seclists.org/fulldisclosure/2013/Jul/4Exploit
cve@mitre.orghttp://www.exploit-db.com/exploits/26558Exploit
cve@mitre.orghttp://www.securityfocus.com/bid/60883Exploit
cve@mitre.orghttp://www.securitytracker.com/id/1030107
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/85399
cve@mitre.orghttps://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695Exploit
af854a3a-2127-422b-91ae-364da2661108http://forums.winamp.com/showthread.php?t=364291Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/94739
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/94740
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/122978Exploit
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2013/Jul/4Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/26558Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/60883Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030107
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/85399
af854a3a-2127-422b-91ae-364da2661108https://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695Exploit



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EFEBF8-7740-4AEF-BE59-59FD6AEF6215",
              "versionEndIncluding": "5.63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E954F-6A04-442A-B93E-CDD2ABEB357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F68A5E59-389B-4308-9D41-D665680EEC52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:beta:*:*:*:*:*:*",
              "matchCriteriaId": "402F8767-1788-48BB-BCBE-E9E6B5F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:beta:*:*:*:*:*:*",
              "matchCriteriaId": "147C01F2-11E0-495A-916E-7C66D8CF4104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB36DD4-0F68-4A47-80D3-F326169BC2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23370CB-AA61-4C6A-A742-1DC2050926A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B4B254-A4B1-4B3D-9FD6-5E0C4C3E7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.59:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F779958C-39AA-4AE8-895B-0BC1FA5401E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE65516-EA95-4DAE-93F5-FE19FFD9F04D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D58D69A-8179-400C-8118-866FB1729DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.581:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C841E22-820E-40F6-864D-ED4485180F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.623:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5CFCAE4-62A4-4447-BBB9-775DB8FAD662",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name.  NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en pila en gen_jumpex.dll en Winamp anterior a 5.64 Build 3418 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete con un nombre de directorio Skin largo.  NOTA: un segundo desbordamiento de buffer involucrando un campo de b\u00fasqueda GUI largo hacia ml_local.dll fue tambi\u00e9n reportado. Sin embargo, como solo es explotable por el usuario de la aplicaci\u00f3n, este problema no cruzar\u00eda l\u00edmites de privilegio a no ser que Winamp est\u00e1 funcionando bajo un entorno altamente restringido como un kiosk."
    }
  ],
  "id": "CVE-2013-4694",
  "lastModified": "2024-11-21T01:56:05.043",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-16T22:55:06.137",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://forums.winamp.com/showthread.php?t=364291"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/94739"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/94740"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/122978"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2013/Jul/4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/26558"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/60883"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1030107"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85399"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://forums.winamp.com/showthread.php?t=364291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/94739"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/94740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/122978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2013/Jul/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/26558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/60883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.
Impacted products
Vendor Product Version
nullsoft winamp 3.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux."
    }
  ],
  "id": "CVE-2003-1274",
  "lastModified": "2024-11-20T23:46:45.623",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10983"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-18 18:30
Modified
2024-11-21 01:08
Severity ?
Summary
Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow.
Impacted products
Vendor Product Version
nullsoft winamp *
nullsoft winamp 0.20a
nullsoft winamp 0.92
nullsoft winamp 1.006
nullsoft winamp 1.90
nullsoft winamp 2.0
nullsoft winamp 2.4
nullsoft winamp 2.5e
nullsoft winamp 2.6
nullsoft winamp 2.6x
nullsoft winamp 2.7x
nullsoft winamp 2.9
nullsoft winamp 2.10
nullsoft winamp 2.24
nullsoft winamp 2.50
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.61
nullsoft winamp 2.61
nullsoft winamp 2.62
nullsoft winamp 2.62
nullsoft winamp 2.64
nullsoft winamp 2.64
nullsoft winamp 2.65
nullsoft winamp 2.70
nullsoft winamp 2.70
nullsoft winamp 2.71
nullsoft winamp 2.72
nullsoft winamp 2.73
nullsoft winamp 2.73
nullsoft winamp 2.74
nullsoft winamp 2.75
nullsoft winamp 2.76
nullsoft winamp 2.77
nullsoft winamp 2.78
nullsoft winamp 2.79
nullsoft winamp 2.80
nullsoft winamp 2.81
nullsoft winamp 2.90
nullsoft winamp 2.91
nullsoft winamp 2.92
nullsoft winamp 2.95
nullsoft winamp 3.0
nullsoft winamp 3.1
nullsoft winamp 5.0
nullsoft winamp 5.0.1
nullsoft winamp 5.0.2
nullsoft winamp 5.01
nullsoft winamp 5.1
nullsoft winamp 5.1
nullsoft winamp 5.02
nullsoft winamp 5.2
nullsoft winamp 5.3
nullsoft winamp 5.03
nullsoft winamp 5.03a
nullsoft winamp 5.04
nullsoft winamp 5.05
nullsoft winamp 5.5
nullsoft winamp 5.06
nullsoft winamp 5.07
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08c
nullsoft winamp 5.08d
nullsoft winamp 5.08e
nullsoft winamp 5.09
nullsoft winamp 5.11
nullsoft winamp 5.12
nullsoft winamp 5.13
nullsoft winamp 5.21
nullsoft winamp 5.22
nullsoft winamp 5.23
nullsoft winamp 5.24
nullsoft winamp 5.31
nullsoft winamp 5.32
nullsoft winamp 5.33
nullsoft winamp 5.34
nullsoft winamp 5.35
nullsoft winamp 5.36
nullsoft winamp 5.51
nullsoft winamp 5.52
nullsoft winamp 5.53
nullsoft winamp 5.54
nullsoft winamp 5.55
nullsoft winamp 5.091
nullsoft winamp 5.093
nullsoft winamp 5.094
nullsoft winamp 5.111
nullsoft winamp 5.112
nullsoft winamp 5.531
nullsoft winamp 5.541
nullsoft winamp 5.551
nullsoft winamp 5.552



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B0A6CA-7418-459E-A1F8-E107651D46A1",
              "versionEndIncluding": "5.56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2787A5F-5B74-4691-A2AD-BA5038D14784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5217B6-B543-4F2C-89DF-CE986AE0BADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3DB21-0E4F-409E-A60B-CBFFD71BBB1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F7F13A-D45B-4AA9-9CD3-D4E285791E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EA0F31-8818-434C-9965-78764D00F148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C999742-75BD-463F-865F-93662B17330F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDFC131-873D-4564-B342-569DF45F31F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*",
              "matchCriteriaId": "30C29FDB-A37E-4126-BE1B-DB32F38DC75F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*",
              "matchCriteriaId": "E7254BFD-8301-4E99-AB73-7D1D9E7939FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEBD661-3253-47CC-91D9-B8F8E1211014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*",
              "matchCriteriaId": "27826A30-3E5C-4B7D-B86B-8B0A68D2F944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45D7DD1-AFF9-441D-ABF1-A62FA0A9E05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*",
              "matchCriteriaId": "665C2A54-AF79-4315-BFEF-FA44E015B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AE4866-33D1-4596-BA42-E70ABD0CDC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0DB02A8B-71ED-4FBF-9D01-D16F1351E702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D708182-E39F-44E4-9C67-52A85ACBA43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "053A71B1-EF83-4750-ACCD-7ABEFF593BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*",
              "matchCriteriaId": "F07CC71D-A616-483B-ABCB-AA6DDCE3531F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5286A1-C8ED-4783-9278-D30D9B1C588A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3513F3C2-CDD6-461C-985E-E06151AEA804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6CB5C4-0FEC-4F85-B874-E06229265457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*",
              "matchCriteriaId": "C700DFBF-9B22-4633-947C-840CF01423C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6E478F-D058-482B-B027-605B7A769900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D8698A-B1AE-4041-9055-B6690F671E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CC66AF-0CB8-4E15-98A3-4704CB2AD78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E36F70C-F578-425E-A97F-1BD196F7F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F260E7-5145-4FDC-9759-67EA27CEFC5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD15C7B-64FF-42CF-ABD7-8973DDE89FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F898DA-A260-4A81-8E94-DE85154B88DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4510C850-49A0-4082-81CF-333829FE8639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8A3244-F6FF-4865-BCAD-EAF784AE93DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF39A44-528E-4BE8-A923-FFB53C2378F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8C02C8-508A-4A6C-8911-12FB9B183C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:c:*:*:*:*:*:*",
              "matchCriteriaId": "5785692F-D8FA-4D49-8872-CB8B2F173557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:d:*:*:*:*:*:*",
              "matchCriteriaId": "A6E85C52-1974-4F83-89AE-BB29FC897E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:e:*:*:*:*:*:*",
              "matchCriteriaId": "CB082F8B-A052-4D82-9D73-2BB35FBA19F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E954F-6A04-442A-B93E-CDD2ABEB357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de entero en in_mod.dll (complemento \u0027Module Decoder\u0027) de Winamp antes de v5.57, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo Oktalyzer que provoca un desbordamiento de b\u00fafer basado en mont\u00edculo."
    }
  ],
  "id": "CVE-2009-3997",
  "lastModified": "2024-11-21T01:08:41.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-18T18:30:00.360",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?threadid=315355"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37495"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-57/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/508524/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/37374"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3575"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15715"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?threadid=315355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-57/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508524/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15715"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-08-01 14:41
Modified
2024-11-21 00:49
Severity ?
Summary
Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Impacted products
Vendor Product Version
nullsoft winamp *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C7E96AA-9632-4A5E-8BEA-9837D838CD0D",
              "versionEndExcluding": "5.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
    },
    {
      "lang": "es",
      "value": "Nullsoft Winamp anterior a 5.24 no verifica adecuadamente la autenticidad de las actualizaciones, lo cual permite a atacantes de tipo \u0027hombre en el medio\u0027 (man-in-the-middle) ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de la actualizaci\u00f3n de un Caballo de Troya, como se demuestra por el grado de da\u00f1o y el envenenamiento de la cach\u00e9 DNS."
    }
  ],
  "id": "CVE-2008-3441",
  "lastModified": "2024-11-21T00:49:15.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-08-01T14:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1020582"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1020582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15225"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.
Impacted products
Vendor Product Version
nullsoft winamp 5.07



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file."
    }
  ],
  "id": "CVE-2004-1396",
  "lastModified": "2024-11-20T23:50:47.057",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://forums.winamp.com/showthread.php?s=\u0026threadid=202007"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=110297310503541\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=full-disclosure\u0026m=110303988101973\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/alerts/2004/Dec/1012525.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/372968"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/11909"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18466"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://forums.winamp.com/showthread.php?s=\u0026threadid=202007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=110297310503541\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=110303988101973\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/alerts/2004/Dec/1012525.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/372968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/11909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18467"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-03-05 20:30
Modified
2024-11-21 01:01
Severity ?
Summary
Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor Product Version
myplugins gen_msn 0.31
nullsoft winamp 5.541



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:myplugins:gen_msn:0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2661FAA-A987-40DF-9EA7-7BBCD28BBBA9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en  gen_msn.dll en la extensi\u00f3n (plugin) gen_msn v0.31 para Winamp v5.541 permite a atacantes remotos ejecutar c\u00f3digo de su eleccion a trav\u00e9s de un fichero playlist (.pls) con una URL larga en el campo \"File1\".\r\nNOTA: algunos de estos detalles han sido obtenidos a partir de la informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2009-0833",
  "lastModified": "2024-11-21T01:01:00.727",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-03-05T20:30:00.717",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33425"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/33159"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15659"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/7696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/33159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/7696"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D708182-E39F-44E4-9C67-52A85ACBA43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "053A71B1-EF83-4750-ACCD-7ABEFF593BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5286A1-C8ED-4783-9278-D30D9B1C588A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3513F3C2-CDD6-461C-985E-E06151AEA804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6CB5C4-0FEC-4F85-B874-E06229265457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6E478F-D058-482B-B027-605B7A769900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D8698A-B1AE-4041-9055-B6690F671E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CC66AF-0CB8-4E15-98A3-4704CB2AD78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E36F70C-F578-425E-A97F-1BD196F7F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code."
    }
  ],
  "id": "CVE-2002-2392",
  "lastModified": "2024-11-20T23:43:34.573",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/bugtraq/2002/Jul/0205.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/9630.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/5266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/bugtraq/2002/Jul/0205.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/9630.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/5266"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-05-29 22:30
Modified
2024-11-21 01:03
Severity ?
Summary
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
Impacted products
Vendor Product Version
nullsoft winamp *
nullsoft winamp 2.0
nullsoft winamp 2.4
nullsoft winamp 2.5e
nullsoft winamp 2.6x
nullsoft winamp 2.7x
nullsoft winamp 2.10
nullsoft winamp 2.24
nullsoft winamp 2.50
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.61
nullsoft winamp 2.61
nullsoft winamp 2.62
nullsoft winamp 2.62
nullsoft winamp 2.64
nullsoft winamp 2.64
nullsoft winamp 2.65
nullsoft winamp 2.70
nullsoft winamp 2.70
nullsoft winamp 2.71
nullsoft winamp 2.72
nullsoft winamp 2.73
nullsoft winamp 2.73
nullsoft winamp 2.74
nullsoft winamp 2.75
nullsoft winamp 2.76
nullsoft winamp 2.77
nullsoft winamp 2.78
nullsoft winamp 2.79
nullsoft winamp 2.80
nullsoft winamp 2.81
nullsoft winamp 2.90
nullsoft winamp 2.91
nullsoft winamp 2.95
nullsoft winamp 3.0
nullsoft winamp 3.1
nullsoft winamp 5.0
nullsoft winamp 5.0.1
nullsoft winamp 5.0.2
nullsoft winamp 5.01
nullsoft winamp 5.1
nullsoft winamp 5.02
nullsoft winamp 5.2
nullsoft winamp 5.3
nullsoft winamp 5.03
nullsoft winamp 5.03a
nullsoft winamp 5.04
nullsoft winamp 5.05
nullsoft winamp 5.5
nullsoft winamp 5.06
nullsoft winamp 5.07
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08c
nullsoft winamp 5.08d
nullsoft winamp 5.08e
nullsoft winamp 5.09
nullsoft winamp 5.11
nullsoft winamp 5.12
nullsoft winamp 5.13
nullsoft winamp 5.21
nullsoft winamp 5.22
nullsoft winamp 5.23
nullsoft winamp 5.24
nullsoft winamp 5.31
nullsoft winamp 5.32
nullsoft winamp 5.33
nullsoft winamp 5.34
nullsoft winamp 5.35
nullsoft winamp 5.36
nullsoft winamp 5.51
nullsoft winamp 5.52
nullsoft winamp 5.53
nullsoft winamp 5.54
nullsoft winamp 5.091
nullsoft winamp 5.093
nullsoft winamp 5.094
nullsoft winamp 5.111
nullsoft winamp 5.112
nullsoft winamp 5.541



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8F363B-DB47-4691-9821-7F351D6F43B7",
              "versionEndIncluding": "5.55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2787A5F-5B74-4691-A2AD-BA5038D14784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5217B6-B543-4F2C-89DF-CE986AE0BADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3DB21-0E4F-409E-A60B-CBFFD71BBB1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F7F13A-D45B-4AA9-9CD3-D4E285791E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EA0F31-8818-434C-9965-78764D00F148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C999742-75BD-463F-865F-93662B17330F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDFC131-873D-4564-B342-569DF45F31F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*",
              "matchCriteriaId": "30C29FDB-A37E-4126-BE1B-DB32F38DC75F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*",
              "matchCriteriaId": "E7254BFD-8301-4E99-AB73-7D1D9E7939FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEBD661-3253-47CC-91D9-B8F8E1211014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*",
              "matchCriteriaId": "27826A30-3E5C-4B7D-B86B-8B0A68D2F944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45D7DD1-AFF9-441D-ABF1-A62FA0A9E05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*",
              "matchCriteriaId": "665C2A54-AF79-4315-BFEF-FA44E015B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AE4866-33D1-4596-BA42-E70ABD0CDC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0DB02A8B-71ED-4FBF-9D01-D16F1351E702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D708182-E39F-44E4-9C67-52A85ACBA43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "053A71B1-EF83-4750-ACCD-7ABEFF593BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*",
              "matchCriteriaId": "F07CC71D-A616-483B-ABCB-AA6DDCE3531F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5286A1-C8ED-4783-9278-D30D9B1C588A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3513F3C2-CDD6-461C-985E-E06151AEA804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6CB5C4-0FEC-4F85-B874-E06229265457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*",
              "matchCriteriaId": "C700DFBF-9B22-4633-947C-840CF01423C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6E478F-D058-482B-B027-605B7A769900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D8698A-B1AE-4041-9055-B6690F671E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CC66AF-0CB8-4E15-98A3-4704CB2AD78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E36F70C-F578-425E-A97F-1BD196F7F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F260E7-5145-4FDC-9759-67EA27CEFC5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD15C7B-64FF-42CF-ABD7-8973DDE89FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F898DA-A260-4A81-8E94-DE85154B88DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4510C850-49A0-4082-81CF-333829FE8639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8A3244-F6FF-4865-BCAD-EAF784AE93DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF39A44-528E-4BE8-A923-FFB53C2378F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8C02C8-508A-4A6C-8911-12FB9B183C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:c:*:*:*:*:*:*",
              "matchCriteriaId": "5785692F-D8FA-4D49-8872-CB8B2F173557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:d:*:*:*:*:*:*",
              "matchCriteriaId": "A6E85C52-1974-4F83-89AE-BB29FC897E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:e:*:*:*:*:*:*",
              "matchCriteriaId": "CB082F8B-A052-4D82-9D73-2BB35FBA19F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E954F-6A04-442A-B93E-CDD2ABEB357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo de Nullsoft Modern Skins Support (biblioteca gen_ff.dll) en Winamp de Nullsoft anterior a versi\u00f3n 5.552, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo MAKI dise\u00f1ado, que desencadena una extensi\u00f3n de signo incorrecta, un desbordamiento de enteros y un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria."
    }
  ],
  "id": "CVE-2009-1831",
  "lastModified": "2024-11-21T01:03:28.857",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-05-29T22:30:00.280",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/35052"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50664"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15683"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/8767"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/8770"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/8772"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/8783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/35052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/8767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/8770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/8772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/8783"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-07-20 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.
Impacted products
Vendor Product Version
nullsoft winamp *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB469B7-3828-4AC5-925D-4C2117DA51C8",
              "versionEndIncluding": "2.64",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist."
    }
  ],
  "id": "CVE-2000-0624",
  "lastModified": "2024-11-20T23:32:55.297",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-07-20T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/1496"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.winamp.com/getwinamp/newfeatures.jhtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/1496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.winamp.com/getwinamp/newfeatures.jhtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4956"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-12-02 16:22
Modified
2024-11-21 01:20
Severity ?
Summary
Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7D704-AF80-4CB2-8B1B-7F9A08F07507",
              "versionEndIncluding": "5.581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB36DD4-0F68-4A47-80D3-F326169BC2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B4B254-A4B1-4B3D-9FD6-5E0C4C3E7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D58D69A-8179-400C-8118-866FB1729DD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en el plugin in_nsv  en Winamp anterior a v5.6 permite a atacantes remotos tener un impacto no especificado  trav\u00e9s de vectores relacionados con la asignaci\u00f3n incorrecta de la memoria para los metadatos NSV, una vulnerabilidad diferente a  CVE-2010-2586."
    }
  ],
  "id": "CVE-2010-4372",
  "lastModified": "2024-11-21T01:20:48.357",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-12-02T16:22:22.003",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://forums.winamp.com/showthread.php?t=324322"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://forums.winamp.com/showthread.php?threadid=159785"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?t=324322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?threadid=159785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12358"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:01
Severity ?
Summary
Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476.
Impacted products
Vendor Product Version
nullsoft winamp 5.094



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476."
    }
  ],
  "id": "CVE-2005-3188",
  "lastModified": "2024-11-21T00:01:18.650",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/397"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015565"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1015621"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=378"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/22975"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/16462"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1015565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1015621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/22975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24417"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-12-02 16:22
Modified
2024-11-21 01:20
Severity ?
Summary
The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7D704-AF80-4CB2-8B1B-7F9A08F07507",
              "versionEndIncluding": "5.581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB36DD4-0F68-4A47-80D3-F326169BC2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B4B254-A4B1-4B3D-9FD6-5E0C4C3E7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D58D69A-8179-400C-8118-866FB1729DD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length."
    },
    {
      "lang": "es",
      "value": "El plug-in in_mkv en Winamp anterior a v5.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un v\u00eddeo Matroska (MKV) que contiene una cadena con una longitud manipulada."
    }
  ],
  "id": "CVE-2010-4374",
  "lastModified": "2024-11-21T01:20:48.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-12-02T16:22:22.050",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?t=324322"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://forums.winamp.com/showthread.php?threadid=159785"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?t=324322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?threadid=159785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12332"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-06-27 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file.
Impacted products
Vendor Product Version
nullsoft winamp 2.6x
nullsoft winamp 2.7x



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3DB21-0E4F-409E-A60B-CBFFD71BBB1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F7F13A-D45B-4AA9-9CD3-D4E285791E37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file."
    }
  ],
  "id": "CVE-2001-0490",
  "lastModified": "2024-11-20T23:35:29.660",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-06-27T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0518.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0518.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-05-26 16:30
Modified
2024-11-21 01:03
Severity ?
Summary
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.
References
cve@mitre.orghttp://secunia.com/advisories/35076Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/35126
cve@mitre.orghttp://secunia.com/advisories/35247
cve@mitre.orghttp://secunia.com/advisories/35443
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200905-09.xml
cve@mitre.orghttp://trapkit.de/advisories/TKADV2009-006.txtExploit
cve@mitre.orghttp://www.debian.org/security/2009/dsa-1814
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2009:132
cve@mitre.orghttp://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/Patch, Vendor Advisory
cve@mitre.orghttp://www.mega-nerd.com/libsndfile/Patch
cve@mitre.orghttp://www.securityfocus.com/bid/34978Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/1324Patch, Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/1348Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/50541
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/50827
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35076Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35126
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35247
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35443
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200905-09.xml
af854a3a-2127-422b-91ae-364da2661108http://trapkit.de/advisories/TKADV2009-006.txtExploit
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1814
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:132
af854a3a-2127-422b-91ae-364da2661108http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mega-nerd.com/libsndfile/Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34978Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1324Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1348Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/50541
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/50827
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "570D85F0-F757-488A-A059-54BF0810F1E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28BC682-E6B1-4A63-9734-FDB6019B9AE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8823A84B-4694-4838-A877-AE66400B26BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C2B0D1-AE8A-4978-85B0-C5E0ABE89E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mega-nerd:libsndfile:1.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "759BBF60-8964-4590-A5EB-F21EB4049E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en voc_read_header en libsndfile desde v1.0.15 hasta v1.0.19, cuando se utiliza en Winamp v5.552 y posiblemente otros programas multimedia, permite a atacantes remotos producir una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente la ejecuci\u00f3n arbitraria de c\u00f3digo a trav\u00e9s de un fichero VOC con una valor de cabecera no valido."
    }
  ],
  "id": "CVE-2009-1788",
  "lastModified": "2024-11-21T01:03:21.843",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-05-26T16:30:02.937",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35076"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35126"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35247"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35443"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://trapkit.de/advisories/TKADV2009-006.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1814"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.mega-nerd.com/libsndfile/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34978"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1324"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1348"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://trapkit.de/advisories/TKADV2009-006.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.mega-nerd.com/libsndfile/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50827"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-05-04 00:19
Modified
2024-11-21 00:30
Severity ?
Summary
libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "libmp4v2.dll de Winamp 5.02 hasta 5.34 permite a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante  un fichero .MP4 concreto.\r\nNOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2007-2498",
  "lastModified": "2024-11-21T00:30:56.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-05-04T00:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25089"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017993"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/23723"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1594"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34030"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/3823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017993"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/23723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1594"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/3823"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-04-10 23:19
Modified
2024-11-21 00:29
Severity ?
Summary
LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption.
Impacted products
Vendor Product Version
nullsoft winamp 5.33



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption."
    },
    {
      "lang": "es",
      "value": "La biblioteca LIBSNDFILE.DLL, tal como es utilizado por AOL Nullsoft Winamp versi\u00f3n 5.33 y posiblemente otros productos, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo .MAT creado que contiene un valor que es usado como un offset, lo que desencadena una corrupci\u00f3n de memoria."
    }
  ],
  "evaluatorImpact": "To exploit this issue, an attacker must entice an unsuspecting user to use the affected application to open a specially crafted file.",
  "id": "CVE-2007-1921",
  "lastModified": "2024-11-21T00:29:28.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-10T23:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=dailydave\u0026m=117589848432659\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34432"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24766"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2541"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/464889/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23351"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017886"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1286"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=dailydave\u0026m=117589848432659\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/464889/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33481"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2004-11/0369.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=110123330404482&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=110146036300803&w=2
cve@mitre.orghttp://marc.info/?l=ntbugtraq&m=110126352412395&w=2
cve@mitre.orghttp://marc.info/?l=ntbugtraq&m=110135574326217&w=2
cve@mitre.orghttp://secunia.com/advisories/13269/
cve@mitre.orghttp://www.kb.cert.org/vuls/id/986504US Government Resource
cve@mitre.orghttp://www.security-assessment.com/Papers/Winamp_IN_CDDA_Buffer_Overflow.pdf
cve@mitre.orghttp://www.securityfocus.com/bid/11730Exploit, Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18197
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2004-11/0369.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=110123330404482&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=110146036300803&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=ntbugtraq&m=110126352412395&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=ntbugtraq&m=110135574326217&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/13269/
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/986504US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.security-assessment.com/Papers/Winamp_IN_CDDA_Buffer_Overflow.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11730Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18197
Impacted products
Vendor Product Version
nullsoft winamp 5.01
nullsoft winamp 5.02
nullsoft winamp 5.03
nullsoft winamp 5.04
nullsoft winamp 5.05
nullsoft winamp 5.06



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file."
    }
  ],
  "id": "CVE-2004-1119",
  "lastModified": "2024-11-20T23:50:09.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-01-10T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0369.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=110123330404482\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=110146036300803\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=ntbugtraq\u0026m=110126352412395\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=ntbugtraq\u0026m=110135574326217\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/13269/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/986504"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.security-assessment.com/Papers/Winamp_IN_CDDA_Buffer_Overflow.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11730"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0369.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=110123330404482\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=110146036300803\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=ntbugtraq\u0026m=110126352412395\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=ntbugtraq\u0026m=110135574326217\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/13269/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/986504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.security-assessment.com/Papers/Winamp_IN_CDDA_Buffer_Overflow.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11730"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18197"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.
Impacted products
Vendor Product Version
nullsoft winamp 3.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter."
    }
  ],
  "id": "CVE-2003-1272",
  "lastModified": "2024-11-20T23:46:45.350",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/10980.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6515"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6516"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/10980.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10981"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-12-02 16:22
Modified
2024-11-21 01:20
Severity ?
Summary
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7D704-AF80-4CB2-8B1B-7F9A08F07507",
              "versionEndIncluding": "5.581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB36DD4-0F68-4A47-80D3-F326169BC2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B4B254-A4B1-4B3D-9FD6-5E0C4C3E7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D58D69A-8179-400C-8118-866FB1729DD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el plugin in_mod en Winamp anterior a v5.6 permite tener un impacto no especificado  a trav\u00e9s de vectores relacionados con el cuadro comment."
    }
  ],
  "id": "CVE-2010-4371",
  "lastModified": "2024-11-21T01:20:48.217",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-12-02T16:22:21.973",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://forums.winamp.com/showthread.php?t=324322"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://forums.winamp.com/showthread.php?threadid=159785"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?t=324322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?threadid=159785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12309"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-07-19 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
Impacted products
Vendor Product Version
nullsoft winamp *
nullsoft winamp 5.03a
nullsoft winamp 5.09
nullsoft winamp 5.091



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92312F29-8D4C-4998-BC4B-C92E72D298D8",
              "versionEndIncluding": "5.093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF39A44-528E-4BE8-A923-FFB53C2378F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Winamp 5.03a, 5.09 y 5.091 permite que atacantes remotos ejecuten c\u00f3digo arbitrario mediante un fichero MP3 con un tag ID3v2 largo."
    }
  ],
  "id": "CVE-2005-2310",
  "lastModified": "2024-11-20T23:59:16.523",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-07-19T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/16077"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://security.lss.hr/index.php?page=details\u0026ID=LSS-2005-07-14"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1014483"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/17897"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/14276"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/1106"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.winamp.com/player/version_history.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/16077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://security.lss.hr/index.php?page=details\u0026ID=LSS-2005-07-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1014483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/17897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/14276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/1106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.winamp.com/player/version_history.php"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-12-16 19:55
Modified
2024-11-21 01:33
Severity ?
Summary
Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7C8DF0F-15D3-46EE-8665-D7FADF42A362",
              "versionEndIncluding": "5.622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "202377E4-E8A7-494B-B0A1-DAED56E34401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB36DD4-0F68-4A47-80D3-F326169BC2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23370CB-AA61-4C6A-A742-1DC2050926A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B4B254-A4B1-4B3D-9FD6-5E0C4C3E7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D58D69A-8179-400C-8118-866FB1729DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.581:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C841E22-820E-40F6-864D-ED4485180F7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer de memoria din\u00e1mica en el complemento in_mod.dll de Winamp en versiones anteriores a la 5.623 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos de canciones modificados de un archivo Impulse Tracker (IT).  NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceras partes."
    }
  ],
  "id": "CVE-2011-4857",
  "lastModified": "2024-11-21T01:33:07.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-12-16T19:55:01.033",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://forums.winamp.com/showthread.php?t=332010"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/46882"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72054"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?t=332010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15351"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.
Impacted products
Vendor Product Version
nullsoft winamp *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81BD191B-9302-43CE-A948-81CEE87D5520",
              "versionEndIncluding": "2.79",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la zona de navegaci\u00f3n de Winamp 2.79 y versiones anteriores, permite a atacantes remotos causar una Denegaci\u00f3n de Servicios (ca\u00edda) y posiblemente la ejecuci\u00f3n arbitraria de c\u00f3digo mediante una cadena larga de caracteres en el campo title de una etiqueta ID3v2."
    }
  ],
  "id": "CVE-2002-0547",
  "lastModified": "2024-11-20T23:39:20.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-07-03T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0373.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/8946.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4609"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.winamp.com/download/newfeatures.jhtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0373.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/8946.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.winamp.com/download/newfeatures.jhtml"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-07-11 10:26
Modified
2024-11-21 01:41
Severity ?
Summary
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF0D19B1-CBD0-426A-B818-6E47D74AC195",
              "versionEndIncluding": "5.623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E954F-6A04-442A-B93E-CDD2ABEB357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F68A5E59-389B-4308-9D41-D665680EEC52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:beta:*:*:*:*:*:*",
              "matchCriteriaId": "402F8767-1788-48BB-BCBE-E9E6B5F40396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:beta:*:*:*:*:*:*",
              "matchCriteriaId": "147C01F2-11E0-495A-916E-7C66D8CF4104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB36DD4-0F68-4A47-80D3-F326169BC2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23370CB-AA61-4C6A-A742-1DC2050926A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.59:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F779958C-39AA-4AE8-895B-0BC1FA5401E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE65516-EA95-4DAE-93F5-FE19FFD9F04D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D58D69A-8179-400C-8118-866FB1729DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.581:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C841E22-820E-40F6-864D-ED4485180F7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file."
    },
    {
      "lang": "es",
      "value": "El plug-in in_mod en Winamp antes de v5.63 permite a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria dinamica \u0027heap\u0027) o posiblemente tener un impacto no especificado a trav\u00e9s de un fichero .IT."
    }
  ],
  "id": "CVE-2012-3890",
  "lastModified": "2024-11-21T01:41:48.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-11T10:26:11.907",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?t=345684"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/46624"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/54131"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?t=345684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15553"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-09-17 04:00
Modified
2024-11-20 23:45
Severity ?
Summary
The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.
Impacted products
Vendor Product Version
nullsoft winamp 2.81
nullsoft winamp 2.91
nullsoft winamp 3.0
nullsoft winamp 3.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F260E7-5145-4FDC-9759-67EA27CEFC5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large \"Track data size\" value."
    },
    {
      "lang": "es",
      "value": "IN_MIDI.DLL plugin 3.01 y versiones anteriores, como es utilizado en Winamp 2.91, permite a atacantes remotos la ejecuci\u00f3n de c\u00f3digo arbitrario mediante un fichero MIDI con un valor \"Track data size\" largo."
    }
  ],
  "id": "CVE-2003-0765",
  "lastModified": "2024-11-20T23:45:28.400",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-09-17T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=106305643432112\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=106305643432112\u0026w=2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-11-06 00:00
Modified
2024-11-21 01:14
Severity ?
Summary
Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.
Impacted products
Vendor Product Version
nullsoft winamp *
nullsoft winamp 0.20a
nullsoft winamp 0.92
nullsoft winamp 1.006
nullsoft winamp 1.90
nullsoft winamp 2.0
nullsoft winamp 2.4
nullsoft winamp 2.5e
nullsoft winamp 2.6
nullsoft winamp 2.6x
nullsoft winamp 2.7x
nullsoft winamp 2.9
nullsoft winamp 2.10
nullsoft winamp 2.24
nullsoft winamp 2.50
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.61
nullsoft winamp 2.61
nullsoft winamp 2.62
nullsoft winamp 2.62
nullsoft winamp 2.64
nullsoft winamp 2.64
nullsoft winamp 2.65
nullsoft winamp 2.70
nullsoft winamp 2.70
nullsoft winamp 2.71
nullsoft winamp 2.72
nullsoft winamp 2.73
nullsoft winamp 2.73
nullsoft winamp 2.74
nullsoft winamp 2.75
nullsoft winamp 2.76
nullsoft winamp 2.77
nullsoft winamp 2.78
nullsoft winamp 2.79
nullsoft winamp 2.80
nullsoft winamp 2.81
nullsoft winamp 2.90
nullsoft winamp 2.91
nullsoft winamp 2.92
nullsoft winamp 2.95
nullsoft winamp 3.0
nullsoft winamp 3.1
nullsoft winamp 5.0
nullsoft winamp 5.0.1
nullsoft winamp 5.0.2
nullsoft winamp 5.01
nullsoft winamp 5.1
nullsoft winamp 5.1
nullsoft winamp 5.02
nullsoft winamp 5.2
nullsoft winamp 5.3
nullsoft winamp 5.03
nullsoft winamp 5.03a
nullsoft winamp 5.04
nullsoft winamp 5.05
nullsoft winamp 5.5
nullsoft winamp 5.06
nullsoft winamp 5.07
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08c
nullsoft winamp 5.08d
nullsoft winamp 5.08e
nullsoft winamp 5.09
nullsoft winamp 5.11
nullsoft winamp 5.12
nullsoft winamp 5.13
nullsoft winamp 5.21
nullsoft winamp 5.22
nullsoft winamp 5.23
nullsoft winamp 5.24
nullsoft winamp 5.31
nullsoft winamp 5.32
nullsoft winamp 5.33
nullsoft winamp 5.34
nullsoft winamp 5.35
nullsoft winamp 5.36
nullsoft winamp 5.51
nullsoft winamp 5.52
nullsoft winamp 5.53
nullsoft winamp 5.54
nullsoft winamp 5.55
nullsoft winamp 5.56
nullsoft winamp 5.57
nullsoft winamp 5.58
nullsoft winamp 5.091
nullsoft winamp 5.093
nullsoft winamp 5.094
nullsoft winamp 5.111
nullsoft winamp 5.112
nullsoft winamp 5.531
nullsoft winamp 5.541
nullsoft winamp 5.551
nullsoft winamp 5.552
nullsoft winamp 5.572



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7D704-AF80-4CB2-8B1B-7F9A08F07507",
              "versionEndIncluding": "5.581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2787A5F-5B74-4691-A2AD-BA5038D14784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5217B6-B543-4F2C-89DF-CE986AE0BADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3DB21-0E4F-409E-A60B-CBFFD71BBB1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F7F13A-D45B-4AA9-9CD3-D4E285791E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EA0F31-8818-434C-9965-78764D00F148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C999742-75BD-463F-865F-93662B17330F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDFC131-873D-4564-B342-569DF45F31F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*",
              "matchCriteriaId": "30C29FDB-A37E-4126-BE1B-DB32F38DC75F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*",
              "matchCriteriaId": "E7254BFD-8301-4E99-AB73-7D1D9E7939FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEBD661-3253-47CC-91D9-B8F8E1211014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*",
              "matchCriteriaId": "27826A30-3E5C-4B7D-B86B-8B0A68D2F944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45D7DD1-AFF9-441D-ABF1-A62FA0A9E05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*",
              "matchCriteriaId": "665C2A54-AF79-4315-BFEF-FA44E015B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AE4866-33D1-4596-BA42-E70ABD0CDC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0DB02A8B-71ED-4FBF-9D01-D16F1351E702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D708182-E39F-44E4-9C67-52A85ACBA43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "053A71B1-EF83-4750-ACCD-7ABEFF593BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*",
              "matchCriteriaId": "F07CC71D-A616-483B-ABCB-AA6DDCE3531F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5286A1-C8ED-4783-9278-D30D9B1C588A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3513F3C2-CDD6-461C-985E-E06151AEA804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6CB5C4-0FEC-4F85-B874-E06229265457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*",
              "matchCriteriaId": "C700DFBF-9B22-4633-947C-840CF01423C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6E478F-D058-482B-B027-605B7A769900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D8698A-B1AE-4041-9055-B6690F671E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CC66AF-0CB8-4E15-98A3-4704CB2AD78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E36F70C-F578-425E-A97F-1BD196F7F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F260E7-5145-4FDC-9759-67EA27CEFC5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD15C7B-64FF-42CF-ABD7-8973DDE89FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F898DA-A260-4A81-8E94-DE85154B88DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4510C850-49A0-4082-81CF-333829FE8639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8A3244-F6FF-4865-BCAD-EAF784AE93DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF39A44-528E-4BE8-A923-FFB53C2378F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8C02C8-508A-4A6C-8911-12FB9B183C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:c:*:*:*:*:*:*",
              "matchCriteriaId": "5785692F-D8FA-4D49-8872-CB8B2F173557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:d:*:*:*:*:*:*",
              "matchCriteriaId": "A6E85C52-1974-4F83-89AE-BB29FC897E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:e:*:*:*:*:*:*",
              "matchCriteriaId": "CB082F8B-A052-4D82-9D73-2BB35FBA19F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E954F-6A04-442A-B93E-CDD2ABEB357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB36DD4-0F68-4A47-80D3-F326169BC2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23370CB-AA61-4C6A-A742-1DC2050926A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B4B254-A4B1-4B3D-9FD6-5E0C4C3E7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D58D69A-8179-400C-8118-866FB1729DD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basado en mont\u00edculo en vp6.w5s (es decir el codec VP6) en Winamp antes de su versi\u00f3n v5.59 Beta Build 3033 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario mediante (1) un archivo de v\u00eddeo VP6 modificado o (2) un stream de v\u00eddeo VP6 modificado."
    }
  ],
  "id": "CVE-2010-1523",
  "lastModified": "2024-11-21T01:14:37.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-11-06T00:00:01.750",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://forums.winamp.com/showthread.php?t=322995"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2010-95/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/514484/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/44466"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?t=322995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2010-95/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514484/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/44466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12056"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
Impacted products
Vendor Product Version
nullsoft winamp 2.80



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts."
    }
  ],
  "id": "CVE-2002-2412",
  "lastModified": "2024-11-20T23:43:37.493",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://online.securityfocus.com/archive/1/273257"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/9114.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/4781"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.securityfocus.com/archive/1/273257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/9114.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/4781"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-06-26 20:05
Modified
2024-11-21 00:13
Severity ?
Summary
Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0542BCC-48E2-4E8D-AD45-197DB5EBC2F9",
              "versionEndIncluding": "5.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD15C7B-64FF-42CF-ABD7-8973DDE89FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F898DA-A260-4A81-8E94-DE85154B88DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4510C850-49A0-4082-81CF-333829FE8639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8A3244-F6FF-4865-BCAD-EAF784AE93DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF39A44-528E-4BE8-A923-FFB53C2378F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en in_midi.dll para WinAmp v2.90 hasta v5.23, incluyendo v5.21, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero manipulado .mi (MIDI). \r\n\r\n\r\n"
    }
  ],
  "id": "CVE-2006-3228",
  "lastModified": "2024-11-21T00:13:07.330",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-06-26T20:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?threadid=248100"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20722"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.attrition.org/pipermail/vim/2006-June/000892.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.attrition.org/pipermail/vim/2006-June/000893.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.winamp.com/about/article.php?aid=10694"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/1935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?threadid=248100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.attrition.org/pipermail/vim/2006-June/000892.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.attrition.org/pipermail/vim/2006-June/000893.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.winamp.com/about/article.php?aid=10694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/1935"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-12-26 05:00
Modified
2024-11-20 23:40
Severity ?
Summary
Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.
Impacted products
Vendor Product Version
nullsoft winamp 2.81



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F260E7-5145-4FDC-9759-67EA27CEFC5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en Winamp 2.81 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una etiqueta ID3v2 de Artista larga en un fichero MP3."
    }
  ],
  "id": "CVE-2002-1176",
  "lastModified": "2024-11-20T23:40:45.217",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-26T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104025874209567\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104025874209567\u0026w=2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*",
              "matchCriteriaId": "E7254BFD-8301-4E99-AB73-7D1D9E7939FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*",
              "matchCriteriaId": "27826A30-3E5C-4B7D-B86B-8B0A68D2F944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*",
              "matchCriteriaId": "665C2A54-AF79-4315-BFEF-FA44E015B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0DB02A8B-71ED-4FBF-9D01-D16F1351E702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D708182-E39F-44E4-9C67-52A85ACBA43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "053A71B1-EF83-4750-ACCD-7ABEFF593BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*",
              "matchCriteriaId": "F07CC71D-A616-483B-ABCB-AA6DDCE3531F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5286A1-C8ED-4783-9278-D30D9B1C588A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3513F3C2-CDD6-461C-985E-E06151AEA804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6CB5C4-0FEC-4F85-B874-E06229265457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*",
              "matchCriteriaId": "C700DFBF-9B22-4633-947C-840CF01423C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6E478F-D058-482B-B027-605B7A769900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D8698A-B1AE-4041-9055-B6690F671E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CC66AF-0CB8-4E15-98A3-4704CB2AD78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response."
    }
  ],
  "id": "CVE-2002-2195",
  "lastModified": "2024-11-20T23:43:06.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://online.securityfocus.com/archive/1/280786"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.iss.net/security_center/static/9488.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/5170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.securityfocus.com/archive/1/280786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.iss.net/security_center/static/9488.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/5170"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-12-02 16:22
Modified
2024-11-21 01:20
Severity ?
Summary
The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7D704-AF80-4CB2-8B1B-7F9A08F07507",
              "versionEndIncluding": "5.581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DB36DD4-0F68-4A47-80D3-F326169BC2FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B4B254-A4B1-4B3D-9FD6-5E0C4C3E7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D58D69A-8179-400C-8118-866FB1729DD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file."
    },
    {
      "lang": "es",
      "value": "El plug-in in_mp4 en Winamp anterior a v5.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) manipulando (1) un metadato  o (2) AlbumArt en un archivo MP4 no v\u00e1lido."
    }
  ],
  "id": "CVE-2010-4373",
  "lastModified": "2024-11-21T01:20:48.493",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-12-02T16:22:22.037",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?t=324322"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://forums.winamp.com/showthread.php?threadid=159785"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?t=324322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.winamp.com/showthread.php?threadid=159785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12425"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-18 19:30
Modified
2024-11-21 01:08
Severity ?
Summary
Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.
References
PSIRT-CNA@flexerasoftware.comhttp://forums.winamp.com/showthread.php?threadid=315355Patch
PSIRT-CNA@flexerasoftware.comhttp://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/37495Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2009-55/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2009-56/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:151
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/archive/1/508528/100/0/threaded
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/bid/37374
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2009/3575Patch, Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2010/1107Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://forums.winamp.com/showthread.php?threadid=315355Patch
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37495Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2009-55/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2009-56/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/508528/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37374
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3575Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1107Vendor Advisory
Impacted products
Vendor Product Version
nullsoft winamp *
nullsoft winamp 0.20a
nullsoft winamp 0.92
nullsoft winamp 1.006
nullsoft winamp 1.90
nullsoft winamp 2.0
nullsoft winamp 2.4
nullsoft winamp 2.5e
nullsoft winamp 2.6
nullsoft winamp 2.6x
nullsoft winamp 2.7x
nullsoft winamp 2.9
nullsoft winamp 2.10
nullsoft winamp 2.24
nullsoft winamp 2.50
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.60
nullsoft winamp 2.61
nullsoft winamp 2.61
nullsoft winamp 2.62
nullsoft winamp 2.62
nullsoft winamp 2.64
nullsoft winamp 2.64
nullsoft winamp 2.65
nullsoft winamp 2.70
nullsoft winamp 2.70
nullsoft winamp 2.71
nullsoft winamp 2.72
nullsoft winamp 2.73
nullsoft winamp 2.73
nullsoft winamp 2.74
nullsoft winamp 2.75
nullsoft winamp 2.76
nullsoft winamp 2.77
nullsoft winamp 2.78
nullsoft winamp 2.79
nullsoft winamp 2.80
nullsoft winamp 2.81
nullsoft winamp 2.90
nullsoft winamp 2.91
nullsoft winamp 2.92
nullsoft winamp 2.95
nullsoft winamp 3.0
nullsoft winamp 3.1
nullsoft winamp 5.0
nullsoft winamp 5.0.1
nullsoft winamp 5.0.2
nullsoft winamp 5.01
nullsoft winamp 5.1
nullsoft winamp 5.1
nullsoft winamp 5.02
nullsoft winamp 5.2
nullsoft winamp 5.3
nullsoft winamp 5.03
nullsoft winamp 5.03a
nullsoft winamp 5.04
nullsoft winamp 5.05
nullsoft winamp 5.5
nullsoft winamp 5.06
nullsoft winamp 5.07
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08
nullsoft winamp 5.08c
nullsoft winamp 5.08d
nullsoft winamp 5.08e
nullsoft winamp 5.09
nullsoft winamp 5.11
nullsoft winamp 5.12
nullsoft winamp 5.13
nullsoft winamp 5.21
nullsoft winamp 5.22
nullsoft winamp 5.23
nullsoft winamp 5.24
nullsoft winamp 5.31
nullsoft winamp 5.32
nullsoft winamp 5.33
nullsoft winamp 5.34
nullsoft winamp 5.35
nullsoft winamp 5.36
nullsoft winamp 5.51
nullsoft winamp 5.52
nullsoft winamp 5.53
nullsoft winamp 5.54
nullsoft winamp 5.55
nullsoft winamp 5.091
nullsoft winamp 5.093
nullsoft winamp 5.094
nullsoft winamp 5.111
nullsoft winamp 5.112
nullsoft winamp 5.531
nullsoft winamp 5.541
nullsoft winamp 5.551
nullsoft winamp 5.552
raphael_assenat libmikmod 3.1.12



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B0A6CA-7418-459E-A1F8-E107651D46A1",
              "versionEndIncluding": "5.56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C15A30-0EEF-4E58-BF7B-8F9E0814BF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "32036D60-6151-4607-B181-9E1C30ABAE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38C91F9-8371-4BE5-8ADD-CC38BC7584E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0873D86-C669-4FEE-83F1-70B61E1DEE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAFFD8E7-A443-4131-9CFB-67AA9739E6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2787A5F-5B74-4691-A2AD-BA5038D14784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5217B6-B543-4F2C-89DF-CE986AE0BADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A6660A-1306-44C0-BA92-D57D0F3ADD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3DB21-0E4F-409E-A60B-CBFFD71BBB1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F7F13A-D45B-4AA9-9CD3-D4E285791E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9C4D33-C782-4B10-95C2-050BCD745DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E0581F9-9B99-43F6-852E-BD28BB47B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EA0F31-8818-434C-9965-78764D00F148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C999742-75BD-463F-865F-93662B17330F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDFC131-873D-4564-B342-569DF45F31F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:full:*:*:*:*:*",
              "matchCriteriaId": "30C29FDB-A37E-4126-BE1B-DB32F38DC75F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*",
              "matchCriteriaId": "E7254BFD-8301-4E99-AB73-7D1D9E7939FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEBD661-3253-47CC-91D9-B8F8E1211014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.61:*:full:*:*:*:*:*",
              "matchCriteriaId": "27826A30-3E5C-4B7D-B86B-8B0A68D2F944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45D7DD1-AFF9-441D-ABF1-A62FA0A9E05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*",
              "matchCriteriaId": "665C2A54-AF79-4315-BFEF-FA44E015B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AE4866-33D1-4596-BA42-E70ABD0CDC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0DB02A8B-71ED-4FBF-9D01-D16F1351E702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D708182-E39F-44E4-9C67-52A85ACBA43C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "053A71B1-EF83-4750-ACCD-7ABEFF593BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.70:*:full:*:*:*:*:*",
              "matchCriteriaId": "F07CC71D-A616-483B-ABCB-AA6DDCE3531F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5286A1-C8ED-4783-9278-D30D9B1C588A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3513F3C2-CDD6-461C-985E-E06151AEA804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6CB5C4-0FEC-4F85-B874-E06229265457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.73:*:full:*:*:*:*:*",
              "matchCriteriaId": "C700DFBF-9B22-4633-947C-840CF01423C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD6E478F-D058-482B-B027-605B7A769900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D8698A-B1AE-4041-9055-B6690F671E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CC66AF-0CB8-4E15-98A3-4704CB2AD78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E36F70C-F578-425E-A97F-1BD196F7F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDAD5F1-5B42-40ED-919C-65343567261C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC79237-791C-4830-BC81-D534FA537D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AFA764-16B4-4E5E-8F9C-46098E758CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F260E7-5145-4FDC-9759-67EA27CEFC5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD15C7B-64FF-42CF-ABD7-8973DDE89FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEA7967-D737-4B46-9382-A391DF832219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D39F3-4FE4-4256-AA33-33C29826B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:2.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "830610D8-1B42-4560-ABB4-BA79DD145110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF89B4A2-37A6-4702-A057-7B70C6157A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C64AF2-CF9D-4052-85E9-BAFF713382F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EFF2D1-D88F-436F-8E82-EAE681DE7AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F898DA-A260-4A81-8E94-DE85154B88DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4510C850-49A0-4082-81CF-333829FE8639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "828226F9-29AA-437F-8385-B75A6F4F3B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8A3244-F6FF-4865-BCAD-EAF784AE93DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*",
              "matchCriteriaId": "5256EEBD-E142-4DCA-AC2E-97F20E32E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7DE0D-1018-4E04-A771-B2C619E95C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798885D9-B518-4C10-81B9-32AEB512C14D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5EF1ED-9AA1-41D0-8781-619F8F50F4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D38D15-3588-49E4-9396-11DB96FBD448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF39A44-528E-4BE8-A923-FFB53C2378F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED120987-6F27-4D8E-95DF-E19EBCB0B8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF40252-7E87-4EE6-B2C7-19E8D78C4025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02CCF2-2335-4F08-8061-6CFD7C8B265A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48A746C-1020-4A9C-A9D4-94B6FFFA1FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF272FF7-68ED-4D8B-9C17-D9D46AA33335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8C02C8-508A-4A6C-8911-12FB9B183C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:c:*:*:*:*:*:*",
              "matchCriteriaId": "5785692F-D8FA-4D49-8872-CB8B2F173557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:d:*:*:*:*:*:*",
              "matchCriteriaId": "A6E85C52-1974-4F83-89AE-BB29FC897E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08:e:*:*:*:*:*:*",
              "matchCriteriaId": "CB082F8B-A052-4D82-9D73-2BB35FBA19F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FAD29A-6A61-4201-A0E6-1F04BF093600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE09C3-B49C-4D7D-BCD1-2AA2104A271A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E4497A5-6E95-4CB3-999E-53BF890A23F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "057B033C-7836-41E0-B184-F9D5DFC42C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "20168350-2AD1-4AF4-B0AA-4C2EBF616259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39A6931-A3CD-44A7-B170-53B803F321AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651DB07-0A59-41C5-8788-6A3594A5023C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "199953E2-C5A4-4D7B-9BB4-EF0B1364F117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE765893-71E4-4945-891C-976B97762CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF245AA-7038-4BD4-B2CB-8B0E59200875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DEF8714-56FC-4D6C-AE87-072ADD7698A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "E808BCEF-FE45-44D3-B22B-404BC97B89C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6E29C6-CDC9-4C0B-8D79-8A5A11B563CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14B9D39-BF74-4C69-92BF-DE6E71FDD911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD83F571-1A58-4159-AC2F-7261F135EF45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB054736-2F91-4EF3-B04F-80403676374F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E954F-6A04-442A-B93E-CDD2ABEB357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEE5A4C-770A-458B-AC1A-8F1F99A0951A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58E9493-556E-4085-B337-AE211A28DA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4F66E7-7F61-4F59-9213-21598A3DFD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6E95D5-D855-4CD4-B44B-66FF029EC823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "218E9850-70F5-4579-9549-47DD16ECD2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6A1F15-A3FA-40FB-980A-569F77E1D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*",
              "matchCriteriaId": "684ABC3F-57CB-490B-ADCB-501E0D234E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB30030-A195-4626-AAED-D421454D911D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB3FCB9-6CF4-4513-9FB9-D01C58079060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*",
              "matchCriteriaId": "913962D9-84AA-4474-800E-5DABF37D52A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*",
              "matchCriteriaId": "35698C89-EACF-4ABF-BA67-AF59B8BD2928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*",
              "matchCriteriaId": "951898A7-A060-4853-8C4E-99927794C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB33D5A-C2A0-4526-8774-89BA4C079533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA20F35-AC57-4B5B-9EF1-8A4393BD1B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:raphael_assenat:libmikmod:3.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EB33FA6-1F1A-4255-B468-19036B180C29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en la biblioteca IN_MOD. DLL (tambi\u00e9n se conoce como el Plug-in Module Decoder) en Winamp anterior a versi\u00f3n 5.57, y libmikmod versi\u00f3n 3.1.12, podr\u00eda permitir a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo Ultratracker."
    }
  ],
  "id": "CVE-2009-3996",
  "lastModified": "2024-11-21T01:08:41.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-18T19:30:00.530",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?threadid=315355"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37495"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-55/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-56/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/508528/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/37374"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3575"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://forums.winamp.com/showthread.php?threadid=315355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-55/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-56/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508528/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2008-3441
Vulnerability from cvelistv5
Published
2008-08-01 14:00
Modified
2024-08-07 09:37
Severity ?
Summary
Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:26.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:15225",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15225"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
          },
          {
            "name": "1020582",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020582"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
          },
          {
            "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:15225",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15225"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
        },
        {
          "name": "1020582",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020582"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
        },
        {
          "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3441",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:15225",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15225"
            },
            {
              "name": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf",
              "refsource": "MISC",
              "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
            },
            {
              "name": "1020582",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020582"
            },
            {
              "name": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz",
              "refsource": "MISC",
              "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
            },
            {
              "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3441",
    "datePublished": "2008-08-01T14:00:00",
    "dateReserved": "2008-08-01T00:00:00",
    "dateUpdated": "2024-08-07T09:37:26.959Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0186
Vulnerability from cvelistv5
Published
2009-03-05 02:00
Modified
2024-08-07 04:24
Severity ?
Summary
Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
References
http://www.vupen.com/english/advisories/2009/0585vdb-entry, x_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-200904-16.xmlvendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2009/dsa-1742vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/archive/1/501413/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/33981third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/33980third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34642third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1021784vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/34316third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/49038vdb-entry, x_refsource_XF
http://secunia.com/advisories/34526third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.htmlvendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-749-1vendor-advisory, x_refsource_UBUNTU
http://www.mega-nerd.com/libsndfile/NEWSx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/0584vdb-entry, x_refsource_VUPEN
http://secunia.com/secunia_research/2009-7/x_refsource_MISC
http://www.securityfocus.com/bid/33963vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/501399/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/secunia_research/2009-8/x_refsource_MISC
http://secunia.com/advisories/34791third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:18.153Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-0585",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0585"
          },
          {
            "name": "GLSA-200904-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200904-16.xml"
          },
          {
            "name": "DSA-1742",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1742"
          },
          {
            "name": "20090303 Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501413/100/0/threaded"
          },
          {
            "name": "33981",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33981"
          },
          {
            "name": "33980",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33980"
          },
          {
            "name": "34642",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34642"
          },
          {
            "name": "1021784",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021784"
          },
          {
            "name": "34316",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34316"
          },
          {
            "name": "libsndfile-caf-bo(49038)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49038"
          },
          {
            "name": "34526",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34526"
          },
          {
            "name": "SUSE-SR:2009:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
          },
          {
            "name": "USN-749-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-749-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mega-nerd.com/libsndfile/NEWS"
          },
          {
            "name": "ADV-2009-0584",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0584"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-7/"
          },
          {
            "name": "33963",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33963"
          },
          {
            "name": "20090303 Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501399/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-8/"
          },
          {
            "name": "34791",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34791"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "ADV-2009-0585",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0585"
        },
        {
          "name": "GLSA-200904-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200904-16.xml"
        },
        {
          "name": "DSA-1742",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1742"
        },
        {
          "name": "20090303 Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501413/100/0/threaded"
        },
        {
          "name": "33981",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33981"
        },
        {
          "name": "33980",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33980"
        },
        {
          "name": "34642",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34642"
        },
        {
          "name": "1021784",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021784"
        },
        {
          "name": "34316",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34316"
        },
        {
          "name": "libsndfile-caf-bo(49038)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49038"
        },
        {
          "name": "34526",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34526"
        },
        {
          "name": "SUSE-SR:2009:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
        },
        {
          "name": "USN-749-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-749-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mega-nerd.com/libsndfile/NEWS"
        },
        {
          "name": "ADV-2009-0584",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0584"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-7/"
        },
        {
          "name": "33963",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33963"
        },
        {
          "name": "20090303 Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501399/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-8/"
        },
        {
          "name": "34791",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34791"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2009-0186",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-0585",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0585"
            },
            {
              "name": "GLSA-200904-16",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200904-16.xml"
            },
            {
              "name": "DSA-1742",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1742"
            },
            {
              "name": "20090303 Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/501413/100/0/threaded"
            },
            {
              "name": "33981",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33981"
            },
            {
              "name": "33980",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33980"
            },
            {
              "name": "34642",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34642"
            },
            {
              "name": "1021784",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021784"
            },
            {
              "name": "34316",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34316"
            },
            {
              "name": "libsndfile-caf-bo(49038)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49038"
            },
            {
              "name": "34526",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34526"
            },
            {
              "name": "SUSE-SR:2009:008",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
            },
            {
              "name": "USN-749-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-749-1"
            },
            {
              "name": "http://www.mega-nerd.com/libsndfile/NEWS",
              "refsource": "CONFIRM",
              "url": "http://www.mega-nerd.com/libsndfile/NEWS"
            },
            {
              "name": "ADV-2009-0584",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0584"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-7/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-7/"
            },
            {
              "name": "33963",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33963"
            },
            {
              "name": "20090303 Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/501399/100/0/threaded"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-8/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-8/"
            },
            {
              "name": "34791",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34791"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2009-0186",
    "datePublished": "2009-03-05T02:00:00",
    "dateReserved": "2009-01-20T00:00:00",
    "dateUpdated": "2024-08-07T04:24:18.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4392
Vulnerability from cvelistv5
Published
2007-08-17 22:00
Modified
2024-08-07 14:53
Severity ?
Summary
Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:53:55.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070801 Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion Stack Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/475489/100/200/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://morph3us.org/advisories/20070730-winamp-5.35.txt"
          },
          {
            "name": "3040",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3040"
          },
          {
            "name": "20070801 Re: Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/475260/100/200/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:15504",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15504"
          },
          {
            "name": "20070731 [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/475161/100/200/threaded"
          },
          {
            "name": "20070731 Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/475183/100/200/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070801 Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion Stack Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/475489/100/200/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://morph3us.org/advisories/20070730-winamp-5.35.txt"
        },
        {
          "name": "3040",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3040"
        },
        {
          "name": "20070801 Re: Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/475260/100/200/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:15504",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15504"
        },
        {
          "name": "20070731 [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/475161/100/200/threaded"
        },
        {
          "name": "20070731 Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/475183/100/200/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4392",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070801 Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion Stack Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/475489/100/200/threaded"
            },
            {
              "name": "http://morph3us.org/advisories/20070730-winamp-5.35.txt",
              "refsource": "MISC",
              "url": "http://morph3us.org/advisories/20070730-winamp-5.35.txt"
            },
            {
              "name": "3040",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3040"
            },
            {
              "name": "20070801 Re: Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/475260/100/200/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:15504",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15504"
            },
            {
              "name": "20070731 [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/475161/100/200/threaded"
            },
            {
              "name": "20070731 Re: [BuHa-Security] Winamp 5.35 (Infinite) M3U File Inclusion DoS Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/475183/100/200/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4392",
    "datePublished": "2007-08-17T22:00:00",
    "dateReserved": "2007-08-17T00:00:00",
    "dateUpdated": "2024-08-07T14:53:55.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-2586
Vulnerability from cvelistv5
Published
2010-12-02 16:00
Modified
2024-08-07 02:39
Severity ?
Summary
Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:39:37.704Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42004",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42004"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=159785"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?t=324322"
          },
          {
            "name": "20101201 Secunia Research: Winamp NSV Table of Contents Parsing Integer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/514962/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2010-127/"
          },
          {
            "name": "oval:org.mitre.oval:def:12587",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12587"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "42004",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42004"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=159785"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?t=324322"
        },
        {
          "name": "20101201 Secunia Research: Winamp NSV Table of Contents Parsing Integer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/514962/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2010-127/"
        },
        {
          "name": "oval:org.mitre.oval:def:12587",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12587"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2010-2586",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42004",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42004"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=159785",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=159785"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?t=324322",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?t=324322"
            },
            {
              "name": "20101201 Secunia Research: Winamp NSV Table of Contents Parsing Integer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/514962/100/0/threaded"
            },
            {
              "name": "http://secunia.com/secunia_research/2010-127/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2010-127/"
            },
            {
              "name": "oval:org.mitre.oval:def:12587",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12587"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2010-2586",
    "datePublished": "2010-12-02T16:00:00",
    "dateReserved": "2010-07-01T00:00:00",
    "dateUpdated": "2024-08-07T02:39:37.704Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-0284
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 02:42
Severity ?
Summary
Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.
References
http://marc.info/?l=bugtraq&m=101408781031527&w=2mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:42:29.019Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20020215 winamp and wma Song Licenses",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101408781031527\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20020215 winamp and wma Song Licenses",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101408781031527\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0284",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20020215 winamp and wma Song Licenses",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101408781031527\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0284",
    "datePublished": "2002-05-03T04:00:00",
    "dateReserved": "2002-05-01T00:00:00",
    "dateUpdated": "2024-08-08T02:42:29.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1788
Vulnerability from cvelistv5
Published
2009-05-26 16:00
Modified
2024-08-07 05:27
Severity ?
Summary
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.
References
http://www.mandriva.com/security/advisories?name=MDVSA-2009:132vendor-advisory, x_refsource_MANDRIVA
http://trapkit.de/advisories/TKADV2009-006.txtx_refsource_MISC
http://www.vupen.com/english/advisories/2009/1348vdb-entry, x_refsource_VUPEN
http://www.mega-nerd.com/libsndfile/x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/1324vdb-entry, x_refsource_VUPEN
http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/50827vdb-entry, x_refsource_XF
http://secunia.com/advisories/35247third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1814vendor-advisory, x_refsource_DEBIAN
https://exchange.xforce.ibmcloud.com/vulnerabilities/50541vdb-entry, x_refsource_XF
http://secunia.com/advisories/35076third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200905-09.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/35126third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/34978vdb-entry, x_refsource_BID
http://secunia.com/advisories/35443third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:27:54.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2009:132",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://trapkit.de/advisories/TKADV2009-006.txt"
          },
          {
            "name": "ADV-2009-1348",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1348"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mega-nerd.com/libsndfile/"
          },
          {
            "name": "ADV-2009-1324",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1324"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
          },
          {
            "name": "libsndfile-voc-bo(50827)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50827"
          },
          {
            "name": "35247",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35247"
          },
          {
            "name": "DSA-1814",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1814"
          },
          {
            "name": "libsndfile-aiff-voc-bo(50541)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
          },
          {
            "name": "35076",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35076"
          },
          {
            "name": "GLSA-200905-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
          },
          {
            "name": "35126",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35126"
          },
          {
            "name": "34978",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34978"
          },
          {
            "name": "35443",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35443"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDVSA-2009:132",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://trapkit.de/advisories/TKADV2009-006.txt"
        },
        {
          "name": "ADV-2009-1348",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1348"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mega-nerd.com/libsndfile/"
        },
        {
          "name": "ADV-2009-1324",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1324"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
        },
        {
          "name": "libsndfile-voc-bo(50827)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50827"
        },
        {
          "name": "35247",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35247"
        },
        {
          "name": "DSA-1814",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1814"
        },
        {
          "name": "libsndfile-aiff-voc-bo(50541)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
        },
        {
          "name": "35076",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35076"
        },
        {
          "name": "GLSA-200905-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
        },
        {
          "name": "35126",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35126"
        },
        {
          "name": "34978",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34978"
        },
        {
          "name": "35443",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35443"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1788",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2009:132",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
            },
            {
              "name": "http://trapkit.de/advisories/TKADV2009-006.txt",
              "refsource": "MISC",
              "url": "http://trapkit.de/advisories/TKADV2009-006.txt"
            },
            {
              "name": "ADV-2009-1348",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1348"
            },
            {
              "name": "http://www.mega-nerd.com/libsndfile/",
              "refsource": "CONFIRM",
              "url": "http://www.mega-nerd.com/libsndfile/"
            },
            {
              "name": "ADV-2009-1324",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1324"
            },
            {
              "name": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/",
              "refsource": "CONFIRM",
              "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
            },
            {
              "name": "libsndfile-voc-bo(50827)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50827"
            },
            {
              "name": "35247",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35247"
            },
            {
              "name": "DSA-1814",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1814"
            },
            {
              "name": "libsndfile-aiff-voc-bo(50541)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
            },
            {
              "name": "35076",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35076"
            },
            {
              "name": "GLSA-200905-09",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
            },
            {
              "name": "35126",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35126"
            },
            {
              "name": "34978",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34978"
            },
            {
              "name": "35443",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35443"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1788",
    "datePublished": "2009-05-26T16:00:00",
    "dateReserved": "2009-05-26T00:00:00",
    "dateUpdated": "2024-08-07T05:27:54.403Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3889
Vulnerability from cvelistv5
Published
2012-07-11 10:00
Modified
2024-08-06 20:21
Severity ?
Summary
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?t=345684"
          },
          {
            "name": "46624",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46624"
          },
          {
            "name": "oval:org.mitre.oval:def:14748",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14748"
          },
          {
            "name": "54131",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54131"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?t=345684"
        },
        {
          "name": "46624",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46624"
        },
        {
          "name": "oval:org.mitre.oval:def:14748",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14748"
        },
        {
          "name": "54131",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54131"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3889",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forums.winamp.com/showthread.php?t=345684",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?t=345684"
            },
            {
              "name": "46624",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46624"
            },
            {
              "name": "oval:org.mitre.oval:def:14748",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14748"
            },
            {
              "name": "54131",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/54131"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3889",
    "datePublished": "2012-07-11T10:00:00",
    "dateReserved": "2012-07-10T00:00:00",
    "dateUpdated": "2024-08-06T20:21:04.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-0720
Vulnerability from cvelistv5
Published
2006-02-23 21:00
Modified
2024-08-07 16:48
Severity ?
Summary
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:48:55.322Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060223 NSFOCUS SA2006-01 : Winamp m3u File Processing Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/425888/100/0/threaded"
          },
          {
            "name": "476",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/476"
          },
          {
            "name": "winamp-m3u-wma-bo(24740)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24740"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=238648"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nsfocus.com/english/homepage/research/0601.htm"
          },
          {
            "name": "16785",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16785"
          },
          {
            "name": "1015675",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015675"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060223 NSFOCUS SA2006-01 : Winamp m3u File Processing Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/425888/100/0/threaded"
        },
        {
          "name": "476",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/476"
        },
        {
          "name": "winamp-m3u-wma-bo(24740)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24740"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=238648"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nsfocus.com/english/homepage/research/0601.htm"
        },
        {
          "name": "16785",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16785"
        },
        {
          "name": "1015675",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015675"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0720",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060223 NSFOCUS SA2006-01 : Winamp m3u File Processing Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/425888/100/0/threaded"
            },
            {
              "name": "476",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/476"
            },
            {
              "name": "winamp-m3u-wma-bo(24740)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24740"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=238648",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=238648"
            },
            {
              "name": "http://www.nsfocus.com/english/homepage/research/0601.htm",
              "refsource": "MISC",
              "url": "http://www.nsfocus.com/english/homepage/research/0601.htm"
            },
            {
              "name": "16785",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16785"
            },
            {
              "name": "1015675",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015675"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0720",
    "datePublished": "2006-02-23T21:00:00",
    "dateReserved": "2006-02-16T00:00:00",
    "dateUpdated": "2024-08-07T16:48:55.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3228
Vulnerability from cvelistv5
Published
2006-06-26 19:00
Modified
2024-08-07 18:23
Severity ?
Summary
Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:23:20.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060622 Winamp security vagueness",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2006-June/000892.html"
          },
          {
            "name": "20722",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20722"
          },
          {
            "name": "1935",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/1935"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.winamp.com/about/article.php?aid=10694"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=248100"
          },
          {
            "name": "20060622 Winamp security vagueness",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2006-June/000893.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-18T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060622 Winamp security vagueness",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2006-June/000892.html"
        },
        {
          "name": "20722",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20722"
        },
        {
          "name": "1935",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/1935"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.winamp.com/about/article.php?aid=10694"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=248100"
        },
        {
          "name": "20060622 Winamp security vagueness",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2006-June/000893.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3228",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060622 Winamp security vagueness",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2006-June/000892.html"
            },
            {
              "name": "20722",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20722"
            },
            {
              "name": "1935",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/1935"
            },
            {
              "name": "http://www.winamp.com/about/article.php?aid=10694",
              "refsource": "CONFIRM",
              "url": "http://www.winamp.com/about/article.php?aid=10694"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=248100",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=248100"
            },
            {
              "name": "20060622 Winamp security vagueness",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2006-June/000893.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3228",
    "datePublished": "2006-06-26T19:00:00",
    "dateReserved": "2006-06-26T00:00:00",
    "dateUpdated": "2024-08-07T18:23:20.921Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-1274
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-08 02:19
Severity ?
Summary
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:19:46.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030104 WinAmp v.3.0: buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
          },
          {
            "name": "winamp-b4s-path-dos(10983)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10983"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030104 WinAmp v.3.0: buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
        },
        {
          "name": "winamp-b4s-path-dos(10983)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10983"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-1274",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030104 WinAmp v.3.0: buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
            },
            {
              "name": "winamp-b4s-path-dos(10983)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10983"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-1274",
    "datePublished": "2005-11-16T07:37:00",
    "dateReserved": "2005-11-16T00:00:00",
    "dateUpdated": "2024-08-08T02:19:46.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4694
Vulnerability from cvelistv5
Published
2014-04-16 22:00
Modified
2024-08-06 16:52
Severity ?
Summary
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:52:27.127Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130701 [CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2013/Jul/4"
          },
          {
            "name": "26558",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/26558"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?t=364291"
          },
          {
            "name": "winamp-cve20134694-bo(85399)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85399"
          },
          {
            "name": "94739",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/94739"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html"
          },
          {
            "name": "94740",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/94740"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695"
          },
          {
            "name": "1030107",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030107"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/122978"
          },
          {
            "name": "60883",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/60883"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name.  NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20130701 [CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2013/Jul/4"
        },
        {
          "name": "26558",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/26558"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?t=364291"
        },
        {
          "name": "winamp-cve20134694-bo(85399)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85399"
        },
        {
          "name": "94739",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/94739"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html"
        },
        {
          "name": "94740",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/94740"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695"
        },
        {
          "name": "1030107",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030107"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/122978"
        },
        {
          "name": "60883",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/60883"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4694",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name.  NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130701 [CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2013/Jul/4"
            },
            {
              "name": "26558",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/26558"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?t=364291",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?t=364291"
            },
            {
              "name": "winamp-cve20134694-bo(85399)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85399"
            },
            {
              "name": "94739",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/94739"
            },
            {
              "name": "http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html"
            },
            {
              "name": "94740",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/94740"
            },
            {
              "name": "https://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695",
              "refsource": "MISC",
              "url": "https://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695"
            },
            {
              "name": "1030107",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030107"
            },
            {
              "name": "http://packetstormsecurity.com/files/122978",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/122978"
            },
            {
              "name": "60883",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/60883"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-4694",
    "datePublished": "2014-04-16T22:00:00",
    "dateReserved": "2013-06-26T00:00:00",
    "dateUpdated": "2024-08-06T16:52:27.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3996
Vulnerability from cvelistv5
Published
2009-12-18 19:00
Modified
2024-08-07 06:45
Severity ?
Summary
Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:51.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2010:151",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=315355"
          },
          {
            "name": "ADV-2010-1107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1107"
          },
          {
            "name": "SUSE-SR:2010:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
          },
          {
            "name": "37374",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37374"
          },
          {
            "name": "37495",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37495"
          },
          {
            "name": "ADV-2009-3575",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3575"
          },
          {
            "name": "20091217 Secunia Research: Winamp Ultratracker File Parsing Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508528/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-56/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-55/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "MDVSA-2010:151",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=315355"
        },
        {
          "name": "ADV-2010-1107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1107"
        },
        {
          "name": "SUSE-SR:2010:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
        },
        {
          "name": "37374",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37374"
        },
        {
          "name": "37495",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37495"
        },
        {
          "name": "ADV-2009-3575",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3575"
        },
        {
          "name": "20091217 Secunia Research: Winamp Ultratracker File Parsing Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508528/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-56/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-55/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2009-3996",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2010:151",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=315355",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=315355"
            },
            {
              "name": "ADV-2010-1107",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1107"
            },
            {
              "name": "SUSE-SR:2010:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
            },
            {
              "name": "37374",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37374"
            },
            {
              "name": "37495",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37495"
            },
            {
              "name": "ADV-2009-3575",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3575"
            },
            {
              "name": "20091217 Secunia Research: Winamp Ultratracker File Parsing Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508528/100/0/threaded"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-56/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-56/"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-55/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-55/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2009-3996",
    "datePublished": "2009-12-18T19:00:00",
    "dateReserved": "2009-11-19T00:00:00",
    "dateUpdated": "2024-08-07T06:45:51.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4372
Vulnerability from cvelistv5
Published
2010-12-02 16:00
Modified
2024-08-07 03:43
Severity ?
Summary
Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:43:14.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=159785"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?t=324322"
          },
          {
            "name": "oval:org.mitre.oval:def:12358",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12358"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=159785"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?t=324322"
        },
        {
          "name": "oval:org.mitre.oval:def:12358",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12358"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4372",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=159785",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=159785"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?t=324322",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?t=324322"
            },
            {
              "name": "oval:org.mitre.oval:def:12358",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12358"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4372",
    "datePublished": "2010-12-02T16:00:00",
    "dateReserved": "2010-12-02T00:00:00",
    "dateUpdated": "2024-08-07T03:43:14.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4374
Vulnerability from cvelistv5
Published
2010-12-02 16:00
Modified
2024-08-07 03:43
Severity ?
Summary
The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:43:14.510Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=159785"
          },
          {
            "name": "oval:org.mitre.oval:def:12332",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12332"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?t=324322"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=159785"
        },
        {
          "name": "oval:org.mitre.oval:def:12332",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12332"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?t=324322"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4374",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=159785",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=159785"
            },
            {
              "name": "oval:org.mitre.oval:def:12332",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12332"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?t=324322",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?t=324322"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4374",
    "datePublished": "2010-12-02T16:00:00",
    "dateReserved": "2010-12-02T00:00:00",
    "dateUpdated": "2024-08-07T03:43:14.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-2195
Vulnerability from cvelistv5
Published
2005-11-16 21:17
Modified
2024-09-16 19:31
Severity ?
Summary
Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.
References
http://www.iss.net/security_center/static/9488.phpvdb-entry, x_refsource_XF
http://online.securityfocus.com/archive/1/280786mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/5170vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:51:17.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "winamp-auto-update-bo(9488)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9488.php"
          },
          {
            "name": "20020705 remote winamp 2.x exploit (all current versions)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/280786"
          },
          {
            "name": "5170",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5170"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-16T21:17:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "winamp-auto-update-bo(9488)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9488.php"
        },
        {
          "name": "20020705 remote winamp 2.x exploit (all current versions)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/280786"
        },
        {
          "name": "5170",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5170"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-2195",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "winamp-auto-update-bo(9488)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9488.php"
            },
            {
              "name": "20020705 remote winamp 2.x exploit (all current versions)",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/280786"
            },
            {
              "name": "5170",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5170"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-2195",
    "datePublished": "2005-11-16T21:17:00Z",
    "dateReserved": "2005-11-16T00:00:00Z",
    "dateUpdated": "2024-09-16T19:31:05.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0765
Vulnerability from cvelistv5
Published
2003-09-12 04:00
Modified
2024-08-08 02:05
Severity ?
Summary
The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.
References
http://marc.info/?l=bugtraq&m=106305643432112&w=2mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:05:12.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030908 Winamp 2.91 lets code execution through MIDI files",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106305643432112\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-09-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large \"Track data size\" value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030908 Winamp 2.91 lets code execution through MIDI files",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106305643432112\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0765",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large \"Track data size\" value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030908 Winamp 2.91 lets code execution through MIDI files",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=106305643432112\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0765",
    "datePublished": "2003-09-12T04:00:00",
    "dateReserved": "2003-09-09T00:00:00",
    "dateUpdated": "2024-08-08T02:05:12.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-1119
Vulnerability from cvelistv5
Published
2004-12-01 05:00
Modified
2024-08-08 00:39
Severity ?
Summary
Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/18197vdb-entry, x_refsource_XF
http://secunia.com/advisories/13269/third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=110123330404482&w=2mailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=110146036300803&w=2mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/11730vdb-entry, x_refsource_BID
http://marc.info/?l=ntbugtraq&m=110135574326217&w=2mailing-list, x_refsource_NTBUGTRAQ
http://www.kb.cert.org/vuls/id/986504third-party-advisory, x_refsource_CERT-VN
http://marc.info/?l=ntbugtraq&m=110126352412395&w=2mailing-list, x_refsource_NTBUGTRAQ
http://archives.neohapsis.com/archives/bugtraq/2004-11/0369.htmlmailing-list, x_refsource_BUGTRAQ
http://www.security-assessment.com/Papers/Winamp_IN_CDDA_Buffer_Overflow.pdfx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:39:00.889Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "winamp-incddadll-bo(18197)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18197"
          },
          {
            "name": "13269",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13269/"
          },
          {
            "name": "20041123 Winamp - Buffer Overflow In IN_CDDA.dll",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110123330404482\u0026w=2"
          },
          {
            "name": "20041124 Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110146036300803\u0026w=2"
          },
          {
            "name": "11730",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11730"
          },
          {
            "name": "20041124 Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]",
            "tags": [
              "mailing-list",
              "x_refsource_NTBUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=ntbugtraq\u0026m=110135574326217\u0026w=2"
          },
          {
            "name": "VU#986504",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/986504"
          },
          {
            "name": "20041123 Winamp - Buffer Overflow In IN_CDDA.dll",
            "tags": [
              "mailing-list",
              "x_refsource_NTBUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=ntbugtraq\u0026m=110126352412395\u0026w=2"
          },
          {
            "name": "20041126 Re: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0369.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.security-assessment.com/Papers/Winamp_IN_CDDA_Buffer_Overflow.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-11-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "winamp-incddadll-bo(18197)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18197"
        },
        {
          "name": "13269",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13269/"
        },
        {
          "name": "20041123 Winamp - Buffer Overflow In IN_CDDA.dll",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110123330404482\u0026w=2"
        },
        {
          "name": "20041124 Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110146036300803\u0026w=2"
        },
        {
          "name": "11730",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11730"
        },
        {
          "name": "20041124 Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]",
          "tags": [
            "mailing-list",
            "x_refsource_NTBUGTRAQ"
          ],
          "url": "http://marc.info/?l=ntbugtraq\u0026m=110135574326217\u0026w=2"
        },
        {
          "name": "VU#986504",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/986504"
        },
        {
          "name": "20041123 Winamp - Buffer Overflow In IN_CDDA.dll",
          "tags": [
            "mailing-list",
            "x_refsource_NTBUGTRAQ"
          ],
          "url": "http://marc.info/?l=ntbugtraq\u0026m=110126352412395\u0026w=2"
        },
        {
          "name": "20041126 Re: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0369.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.security-assessment.com/Papers/Winamp_IN_CDDA_Buffer_Overflow.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1119",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "winamp-incddadll-bo(18197)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18197"
            },
            {
              "name": "13269",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13269/"
            },
            {
              "name": "20041123 Winamp - Buffer Overflow In IN_CDDA.dll",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110123330404482\u0026w=2"
            },
            {
              "name": "20041124 Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110146036300803\u0026w=2"
            },
            {
              "name": "11730",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11730"
            },
            {
              "name": "20041124 Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]",
              "refsource": "NTBUGTRAQ",
              "url": "http://marc.info/?l=ntbugtraq\u0026m=110135574326217\u0026w=2"
            },
            {
              "name": "VU#986504",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/986504"
            },
            {
              "name": "20041123 Winamp - Buffer Overflow In IN_CDDA.dll",
              "refsource": "NTBUGTRAQ",
              "url": "http://marc.info/?l=ntbugtraq\u0026m=110126352412395\u0026w=2"
            },
            {
              "name": "20041126 Re: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0369.html"
            },
            {
              "name": "http://www.security-assessment.com/Papers/Winamp_IN_CDDA_Buffer_Overflow.pdf",
              "refsource": "MISC",
              "url": "http://www.security-assessment.com/Papers/Winamp_IN_CDDA_Buffer_Overflow.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1119",
    "datePublished": "2004-12-01T05:00:00",
    "dateReserved": "2004-11-30T00:00:00",
    "dateUpdated": "2024-08-08T00:39:00.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-2384
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
Severity ?
Summary
NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line.
References
http://www.securityfocus.com/archive/1/357986mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/358097mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/15541vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/9920vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:22:13.686Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20040319 Winamp 5.02 Long Filename Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/357986"
          },
          {
            "name": "20040320 Re: Winamp 5.02 Long Filename Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/358097"
          },
          {
            "name": "winamp-long-file-dos(15541)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15541"
          },
          {
            "name": "9920",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9920"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim\u0027s player to crash when the file is opened from the command line."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20040319 Winamp 5.02 Long Filename Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/357986"
        },
        {
          "name": "20040320 Re: Winamp 5.02 Long Filename Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/358097"
        },
        {
          "name": "winamp-long-file-dos(15541)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15541"
        },
        {
          "name": "9920",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9920"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2384",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim\u0027s player to crash when the file is opened from the command line."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20040319 Winamp 5.02 Long Filename Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/357986"
            },
            {
              "name": "20040320 Re: Winamp 5.02 Long Filename Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/358097"
            },
            {
              "name": "winamp-long-file-dos(15541)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15541"
            },
            {
              "name": "9920",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9920"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2384",
    "datePublished": "2005-08-16T04:00:00",
    "dateReserved": "2005-08-16T00:00:00",
    "dateUpdated": "2024-08-08T01:22:13.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4370
Vulnerability from cvelistv5
Published
2010-12-02 16:00
Modified
2024-08-07 03:43
Severity ?
Summary
Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:43:14.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42004",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42004"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=159785"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?t=324322"
          },
          {
            "name": "oval:org.mitre.oval:def:11841",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11841"
          },
          {
            "name": "20101221 nSense-2010-005: Winamp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515388/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "42004",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42004"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=159785"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?t=324322"
        },
        {
          "name": "oval:org.mitre.oval:def:11841",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11841"
        },
        {
          "name": "20101221 nSense-2010-005: Winamp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515388/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4370",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42004",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42004"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=159785",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=159785"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?t=324322",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?t=324322"
            },
            {
              "name": "oval:org.mitre.oval:def:11841",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11841"
            },
            {
              "name": "20101221 nSense-2010-005: Winamp",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/515388/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4370",
    "datePublished": "2010-12-02T16:00:00",
    "dateReserved": "2010-12-02T00:00:00",
    "dateUpdated": "2024-08-07T03:43:14.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-2498
Vulnerability from cvelistv5
Published
2007-05-04 00:00
Modified
2024-08-07 13:42
Severity ?
Summary
libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information.
References
http://securitytracker.com/id?1017993vdb-entry, x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/34030vdb-entry, x_refsource_XF
http://secunia.com/advisories/25089third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/23723vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2007/1594vdb-entry, x_refsource_VUPEN
https://www.exploit-db.com/exploits/3823exploit, x_refsource_EXPLOIT-DB
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:42:33.344Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017993",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017993"
          },
          {
            "name": "winamp-mp4-code-execution(34030)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34030"
          },
          {
            "name": "25089",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25089"
          },
          {
            "name": "23723",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23723"
          },
          {
            "name": "ADV-2007-1594",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1594"
          },
          {
            "name": "3823",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/3823"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017993",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017993"
        },
        {
          "name": "winamp-mp4-code-execution(34030)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34030"
        },
        {
          "name": "25089",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25089"
        },
        {
          "name": "23723",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23723"
        },
        {
          "name": "ADV-2007-1594",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1594"
        },
        {
          "name": "3823",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/3823"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2498",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017993",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017993"
            },
            {
              "name": "winamp-mp4-code-execution(34030)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34030"
            },
            {
              "name": "25089",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25089"
            },
            {
              "name": "23723",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23723"
            },
            {
              "name": "ADV-2007-1594",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1594"
            },
            {
              "name": "3823",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/3823"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2498",
    "datePublished": "2007-05-04T00:00:00",
    "dateReserved": "2007-05-03T00:00:00",
    "dateUpdated": "2024-08-07T13:42:33.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4373
Vulnerability from cvelistv5
Published
2010-12-02 16:00
Modified
2024-08-07 03:43
Severity ?
Summary
The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:43:14.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=159785"
          },
          {
            "name": "oval:org.mitre.oval:def:12425",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12425"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?t=324322"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=159785"
        },
        {
          "name": "oval:org.mitre.oval:def:12425",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12425"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?t=324322"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4373",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=159785",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=159785"
            },
            {
              "name": "oval:org.mitre.oval:def:12425",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12425"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?t=324322",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?t=324322"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4373",
    "datePublished": "2010-12-02T16:00:00",
    "dateReserved": "2010-12-02T00:00:00",
    "dateUpdated": "2024-08-07T03:43:14.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-0490
Vulnerability from cvelistv5
Published
2001-05-24 04:00
Modified
2024-08-08 04:21
Severity ?
Summary
Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file.
References
http://archives.neohapsis.com/archives/bugtraq/2001-04/0518.htmlmailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:21:38.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20010429 Winamp 2.6x / 2.7x buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0518.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-05-08T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20010429 Winamp 2.6x / 2.7x buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0518.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-0490",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20010429 Winamp 2.6x / 2.7x buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0518.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-0490",
    "datePublished": "2001-05-24T04:00:00",
    "dateReserved": "2001-05-24T00:00:00",
    "dateUpdated": "2024-08-08T04:21:38.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3995
Vulnerability from cvelistv5
Published
2009-12-18 18:00
Modified
2024-08-07 06:45
Severity ?
Summary
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:51.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2010:151",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-53/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-52/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=315355"
          },
          {
            "name": "ADV-2010-1107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1107"
          },
          {
            "name": "SUSE-SR:2010:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
          },
          {
            "name": "37374",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37374"
          },
          {
            "name": "ADV-2010-1957",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1957"
          },
          {
            "name": "37495",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37495"
          },
          {
            "name": "ADV-2009-3575",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3575"
          },
          {
            "name": "20091217 Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508527/100/0/threaded"
          },
          {
            "name": "40799",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40799"
          },
          {
            "name": "20091217 Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508526/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-55/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "MDVSA-2010:151",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-53/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-52/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=315355"
        },
        {
          "name": "ADV-2010-1107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1107"
        },
        {
          "name": "SUSE-SR:2010:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
        },
        {
          "name": "37374",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37374"
        },
        {
          "name": "ADV-2010-1957",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1957"
        },
        {
          "name": "37495",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37495"
        },
        {
          "name": "ADV-2009-3575",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3575"
        },
        {
          "name": "20091217 Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508527/100/0/threaded"
        },
        {
          "name": "40799",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40799"
        },
        {
          "name": "20091217 Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508526/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-55/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2009-3995",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2010:151",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-53/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-53/"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-52/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-52/"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=315355",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=315355"
            },
            {
              "name": "ADV-2010-1107",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1107"
            },
            {
              "name": "SUSE-SR:2010:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
            },
            {
              "name": "37374",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37374"
            },
            {
              "name": "ADV-2010-1957",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1957"
            },
            {
              "name": "37495",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37495"
            },
            {
              "name": "ADV-2009-3575",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3575"
            },
            {
              "name": "20091217 Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508527/100/0/threaded"
            },
            {
              "name": "40799",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40799"
            },
            {
              "name": "20091217 Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508526/100/0/threaded"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-55/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-55/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2009-3995",
    "datePublished": "2009-12-18T18:00:00",
    "dateReserved": "2009-11-19T00:00:00",
    "dateUpdated": "2024-08-07T06:45:51.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4857
Vulnerability from cvelistv5
Published
2011-12-16 19:00
Modified
2024-08-07 00:16
Severity ?
Summary
Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:16:34.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?t=332010"
          },
          {
            "name": "oval:org.mitre.oval:def:15351",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15351"
          },
          {
            "name": "winamp-it-bo(72054)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72054"
          },
          {
            "name": "46882",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46882"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?t=332010"
        },
        {
          "name": "oval:org.mitre.oval:def:15351",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15351"
        },
        {
          "name": "winamp-it-bo(72054)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72054"
        },
        {
          "name": "46882",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46882"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-4857",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forums.winamp.com/showthread.php?t=332010",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?t=332010"
            },
            {
              "name": "oval:org.mitre.oval:def:15351",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15351"
            },
            {
              "name": "winamp-it-bo(72054)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72054"
            },
            {
              "name": "46882",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46882"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-4857",
    "datePublished": "2011-12-16T19:00:00",
    "dateReserved": "2011-12-16T00:00:00",
    "dateUpdated": "2024-08-07T00:16:34.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-4356
Vulnerability from cvelistv5
Published
2009-12-18 19:00
Modified
2024-08-07 07:01
Severity ?
Summary
Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:01:20.408Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20091217 VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508532/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=315355"
          },
          {
            "name": "ADV-2009-3576",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3576"
          },
          {
            "name": "oval:org.mitre.oval:def:15743",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php"
          },
          {
            "name": "37387",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37387"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20091217 VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508532/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=315355"
        },
        {
          "name": "ADV-2009-3576",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3576"
        },
        {
          "name": "oval:org.mitre.oval:def:15743",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php"
        },
        {
          "name": "37387",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37387"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20091217 VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508532/100/0/threaded"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=315355",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=315355"
            },
            {
              "name": "ADV-2009-3576",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3576"
            },
            {
              "name": "oval:org.mitre.oval:def:15743",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743"
            },
            {
              "name": "http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php",
              "refsource": "MISC",
              "url": "http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php"
            },
            {
              "name": "37387",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37387"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4356",
    "datePublished": "2009-12-18T19:00:00",
    "dateReserved": "2009-12-18T00:00:00",
    "dateUpdated": "2024-08-07T07:01:20.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4619
Vulnerability from cvelistv5
Published
2007-10-12 21:00
Modified
2024-08-07 15:01
Severity ?
Summary
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
References
http://www.securityfocus.com/bid/26042vdb-entry, x_refsource_BID
http://security.gentoo.org/glsa/glsa-200711-15.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/27507third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27223third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1469vendor-advisory, x_refsource_DEBIAN
http://www.ubuntu.com/usn/usn-540-1vendor-advisory, x_refsource_UBUNTU
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608third-party-advisory, x_refsource_IDEFENSE
http://secunia.com/advisories/27210third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27601third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/4061vdb-entry, x_refsource_VUPEN
http://bugzilla.redhat.com/show_bug.cgi?id=331991x_refsource_CONFIRM
http://secunia.com/advisories/27780third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28548third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.htmlvendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/27878third-party-advisory, x_refsource_SECUNIA
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243x_refsource_CONFIRM
http://secunia.com/advisories/27355third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27628third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27399third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/37187vdb-entry, x_refsource_XF
http://www.mandriva.com/security/advisories?name=MDKSA-2007:214vendor-advisory, x_refsource_MANDRIVA
http://securitytracker.com/id?1018815vdb-entry, x_refsource_SECTRACK
https://issues.rpath.com/browse/RPL-1873x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=332571x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/3483vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2007-0975.htmlvendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/27625third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.htmlvendor-advisory, x_refsource_SUSE
http://flac.sourceforge.net/changelog.html#flac_1_2_1x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/3484vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:01:09.768Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26042",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26042"
          },
          {
            "name": "GLSA-200711-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
          },
          {
            "name": "27507",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27507"
          },
          {
            "name": "27223",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27223"
          },
          {
            "name": "DSA-1469",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1469"
          },
          {
            "name": "USN-540-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-540-1"
          },
          {
            "name": "20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
          },
          {
            "name": "27210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27210"
          },
          {
            "name": "27601",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27601"
          },
          {
            "name": "ADV-2007-4061",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4061"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
          },
          {
            "name": "27780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27780"
          },
          {
            "name": "28548",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28548"
          },
          {
            "name": "FEDORA-2007-2596",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
          },
          {
            "name": "27878",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27878"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
          },
          {
            "name": "27355",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27355"
          },
          {
            "name": "27628",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27628"
          },
          {
            "name": "27399",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27399"
          },
          {
            "name": "flac-media-files-bo(37187)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
          },
          {
            "name": "MDKSA-2007:214",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
          },
          {
            "name": "1018815",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018815"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1873"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
          },
          {
            "name": "ADV-2007-3483",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3483"
          },
          {
            "name": "RHSA-2007:0975",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10571",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
          },
          {
            "name": "27625",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27625"
          },
          {
            "name": "SUSE-SR:2007:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
          },
          {
            "name": "ADV-2007-3484",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3484"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26042",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26042"
        },
        {
          "name": "GLSA-200711-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
        },
        {
          "name": "27507",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27507"
        },
        {
          "name": "27223",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27223"
        },
        {
          "name": "DSA-1469",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1469"
        },
        {
          "name": "USN-540-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-540-1"
        },
        {
          "name": "20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
        },
        {
          "name": "27210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27210"
        },
        {
          "name": "27601",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27601"
        },
        {
          "name": "ADV-2007-4061",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4061"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
        },
        {
          "name": "27780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27780"
        },
        {
          "name": "28548",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28548"
        },
        {
          "name": "FEDORA-2007-2596",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
        },
        {
          "name": "27878",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27878"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
        },
        {
          "name": "27355",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27355"
        },
        {
          "name": "27628",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27628"
        },
        {
          "name": "27399",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27399"
        },
        {
          "name": "flac-media-files-bo(37187)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
        },
        {
          "name": "MDKSA-2007:214",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
        },
        {
          "name": "1018815",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018815"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1873"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
        },
        {
          "name": "ADV-2007-3483",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3483"
        },
        {
          "name": "RHSA-2007:0975",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10571",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
        },
        {
          "name": "27625",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27625"
        },
        {
          "name": "SUSE-SR:2007:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
        },
        {
          "name": "ADV-2007-3484",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3484"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4619",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26042",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26042"
            },
            {
              "name": "GLSA-200711-15",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
            },
            {
              "name": "27507",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27507"
            },
            {
              "name": "27223",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27223"
            },
            {
              "name": "DSA-1469",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1469"
            },
            {
              "name": "USN-540-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-540-1"
            },
            {
              "name": "20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
            },
            {
              "name": "27210",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27210"
            },
            {
              "name": "27601",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27601"
            },
            {
              "name": "ADV-2007-4061",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4061"
            },
            {
              "name": "http://bugzilla.redhat.com/show_bug.cgi?id=331991",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
            },
            {
              "name": "27780",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27780"
            },
            {
              "name": "28548",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28548"
            },
            {
              "name": "FEDORA-2007-2596",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
            },
            {
              "name": "27878",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27878"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
            },
            {
              "name": "27355",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27355"
            },
            {
              "name": "27628",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27628"
            },
            {
              "name": "27399",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27399"
            },
            {
              "name": "flac-media-files-bo(37187)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
            },
            {
              "name": "MDKSA-2007:214",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
            },
            {
              "name": "1018815",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018815"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1873",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1873"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=332571",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
            },
            {
              "name": "ADV-2007-3483",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3483"
            },
            {
              "name": "RHSA-2007:0975",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10571",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
            },
            {
              "name": "27625",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27625"
            },
            {
              "name": "SUSE-SR:2007:022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
            },
            {
              "name": "http://flac.sourceforge.net/changelog.html#flac_1_2_1",
              "refsource": "CONFIRM",
              "url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
            },
            {
              "name": "ADV-2007-3484",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3484"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4619",
    "datePublished": "2007-10-12T21:00:00",
    "dateReserved": "2007-08-30T00:00:00",
    "dateUpdated": "2024-08-07T15:01:09.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-3188
Vulnerability from cvelistv5
Published
2006-02-04 02:00
Modified
2024-08-07 23:01
Severity ?
Summary
Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476.
References
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=378third-party-advisory, x_refsource_IDEFENSE
http://securityreason.com/securityalert/397third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/bid/16462vdb-entry, x_refsource_BID
http://www.osvdb.org/22975vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/24417vdb-entry, x_refsource_XF
http://securitytracker.com/id?1015565vdb-entry, x_refsource_SECTRACK
http://securitytracker.com/id?1015621vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:01:58.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060201 Winamp m3u/pls .WMA Extension Buffer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=378"
          },
          {
            "name": "397",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/397"
          },
          {
            "name": "16462",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16462"
          },
          {
            "name": "22975",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22975"
          },
          {
            "name": "winamp-wma-ext-bo(24417)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24417"
          },
          {
            "name": "1015565",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015565"
          },
          {
            "name": "1015621",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015621"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060201 Winamp m3u/pls .WMA Extension Buffer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=378"
        },
        {
          "name": "397",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/397"
        },
        {
          "name": "16462",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16462"
        },
        {
          "name": "22975",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22975"
        },
        {
          "name": "winamp-wma-ext-bo(24417)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24417"
        },
        {
          "name": "1015565",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015565"
        },
        {
          "name": "1015621",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015621"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3188",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060201 Winamp m3u/pls .WMA Extension Buffer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=378"
            },
            {
              "name": "397",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/397"
            },
            {
              "name": "16462",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16462"
            },
            {
              "name": "22975",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/22975"
            },
            {
              "name": "winamp-wma-ext-bo(24417)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24417"
            },
            {
              "name": "1015565",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015565"
            },
            {
              "name": "1015621",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015621"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3188",
    "datePublished": "2006-02-04T02:00:00",
    "dateReserved": "2005-10-12T00:00:00",
    "dateUpdated": "2024-08-07T23:01:58.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0833
Vulnerability from cvelistv5
Published
2009-03-05 20:00
Modified
2024-08-07 04:48
Severity ?
Summary
Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information.
References
https://www.exploit-db.com/exploits/7696exploit, x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/33159vdb-entry, x_refsource_BID
http://secunia.com/advisories/33425third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15659vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:48:52.352Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "7696",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/7696"
          },
          {
            "name": "33159",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33159"
          },
          {
            "name": "33425",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33425"
          },
          {
            "name": "oval:org.mitre.oval:def:15659",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15659"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "7696",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/7696"
        },
        {
          "name": "33159",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33159"
        },
        {
          "name": "33425",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33425"
        },
        {
          "name": "oval:org.mitre.oval:def:15659",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15659"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0833",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "7696",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/7696"
            },
            {
              "name": "33159",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33159"
            },
            {
              "name": "33425",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33425"
            },
            {
              "name": "oval:org.mitre.oval:def:15659",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15659"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0833",
    "datePublished": "2009-03-05T20:00:00",
    "dateReserved": "2009-03-05T00:00:00",
    "dateUpdated": "2024-08-07T04:48:52.352Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-1176
Vulnerability from cvelistv5
Published
2002-12-20 05:00
Modified
2024-08-08 03:19
Severity ?
Summary
Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.
References
http://marc.info/?l=bugtraq&m=104025874209567&w=2mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:19:27.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20021219 Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104025874209567\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-12-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20021219 Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104025874209567\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1176",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20021219 Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104025874209567\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1176",
    "datePublished": "2002-12-20T05:00:00",
    "dateReserved": "2002-09-30T00:00:00",
    "dateUpdated": "2024-08-08T03:19:27.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-3834
Vulnerability from cvelistv5
Published
2011-12-16 19:00
Modified
2024-08-06 23:46
Severity ?
Summary
Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:46:03.099Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2011-81/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?t=332010"
          },
          {
            "name": "oval:org.mitre.oval:def:14981",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14981"
          },
          {
            "name": "46882",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46882"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2011-81/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?t=332010"
        },
        {
          "name": "oval:org.mitre.oval:def:14981",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14981"
        },
        {
          "name": "46882",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46882"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2011-3834",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://secunia.com/secunia_research/2011-81/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2011-81/"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?t=332010",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?t=332010"
            },
            {
              "name": "oval:org.mitre.oval:def:14981",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14981"
            },
            {
              "name": "46882",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46882"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2011-3834",
    "datePublished": "2011-12-16T19:00:00",
    "dateReserved": "2011-09-26T00:00:00",
    "dateUpdated": "2024-08-06T23:46:03.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3137
Vulnerability from cvelistv5
Published
2010-08-26 18:00
Modified
2024-08-07 02:55
Severity ?
Summary
Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:46.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "14789",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/14789"
          },
          {
            "name": "41093",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41093"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf"
          },
          {
            "name": "oval:org.mitre.oval:def:6874",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6874"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "14789",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/14789"
        },
        {
          "name": "41093",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41093"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf"
        },
        {
          "name": "oval:org.mitre.oval:def:6874",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6874"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3137",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "14789",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/14789"
            },
            {
              "name": "41093",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41093"
            },
            {
              "name": "http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf",
              "refsource": "MISC",
              "url": "http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf"
            },
            {
              "name": "oval:org.mitre.oval:def:6874",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6874"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-3137",
    "datePublished": "2010-08-26T18:00:00",
    "dateReserved": "2010-08-26T00:00:00",
    "dateUpdated": "2024-08-07T02:55:46.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-1524
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:26
Severity ?
Summary
Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:26:28.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20020929 IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0346.html"
          },
          {
            "name": "5832",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5832"
          },
          {
            "name": "winamp-xml-parser-bo(10228)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10228.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-21T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20020929 IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0346.html"
        },
        {
          "name": "5832",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5832"
        },
        {
          "name": "winamp-xml-parser-bo(10228)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10228.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20020929 IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0346.html"
            },
            {
              "name": "5832",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5832"
            },
            {
              "name": "winamp-xml-parser-bo(10228)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10228.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1524",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2003-02-23T00:00:00",
    "dateUpdated": "2024-08-08T03:26:28.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-0547
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
Summary
Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:56:37.312Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "winamp-mp3-id3v2-bo(8946)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/8946.php"
          },
          {
            "name": "4609",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4609"
          },
          {
            "name": "20020426 Mp3 file can execute code in Winamp [Sandblad advisory #5]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0373.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.winamp.com/download/newfeatures.jhtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-04-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-06-15T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "winamp-mp3-id3v2-bo(8946)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/8946.php"
        },
        {
          "name": "4609",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4609"
        },
        {
          "name": "20020426 Mp3 file can execute code in Winamp [Sandblad advisory #5]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0373.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.winamp.com/download/newfeatures.jhtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "winamp-mp3-id3v2-bo(8946)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/8946.php"
            },
            {
              "name": "4609",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4609"
            },
            {
              "name": "20020426 Mp3 file can execute code in Winamp [Sandblad advisory #5]",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0373.html"
            },
            {
              "name": "http://www.winamp.com/download/newfeatures.jhtml",
              "refsource": "MISC",
              "url": "http://www.winamp.com/download/newfeatures.jhtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0547",
    "datePublished": "2002-06-11T04:00:00",
    "dateReserved": "2002-06-07T00:00:00",
    "dateUpdated": "2024-08-08T02:56:37.312Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0820
Vulnerability from cvelistv5
Published
2004-09-02 04:00
Modified
2024-08-08 00:31
Severity ?
Summary
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.
References
http://secunia.com/advisories/12381/third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/17124vdb-entry, x_refsource_XF
http://www.auscert.org.au/render.html?it=4338third-party-advisory, x_refsource_AUSCERT
http://www.frsirt.com/exploits/08252004.skinhead.phpx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:31:47.593Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "12381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12381/"
          },
          {
            "name": "winamp-wsz-execute-code(17124)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17124"
          },
          {
            "name": "ESB-2004.0537",
            "tags": [
              "third-party-advisory",
              "x_refsource_AUSCERT",
              "x_transferred"
            ],
            "url": "http://www.auscert.org.au/render.html?it=4338"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.frsirt.com/exploits/08252004.skinhead.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-08-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "12381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12381/"
        },
        {
          "name": "winamp-wsz-execute-code(17124)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17124"
        },
        {
          "name": "ESB-2004.0537",
          "tags": [
            "third-party-advisory",
            "x_refsource_AUSCERT"
          ],
          "url": "http://www.auscert.org.au/render.html?it=4338"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.frsirt.com/exploits/08252004.skinhead.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0820",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "12381",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12381/"
            },
            {
              "name": "winamp-wsz-execute-code(17124)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17124"
            },
            {
              "name": "ESB-2004.0537",
              "refsource": "AUSCERT",
              "url": "http://www.auscert.org.au/render.html?it=4338"
            },
            {
              "name": "http://www.frsirt.com/exploits/08252004.skinhead.php",
              "refsource": "MISC",
              "url": "http://www.frsirt.com/exploits/08252004.skinhead.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0820",
    "datePublished": "2004-09-02T04:00:00",
    "dateReserved": "2004-08-26T00:00:00",
    "dateUpdated": "2024-08-08T00:31:47.593Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-5567
Vulnerability from cvelistv5
Published
2006-10-27 16:00
Modified
2024-08-07 19:55
Severity ?
Summary
Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:53.414Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:15686",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15686"
          },
          {
            "name": "1017119",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017119"
          },
          {
            "name": "20061025 AOL Nullsoft Winamp Lyrics3 v2.00 tags Heap Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=432"
          },
          {
            "name": "winamp-lyrics3-bo(29807)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29807"
          },
          {
            "name": "22580",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22580"
          },
          {
            "name": "20744",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20744"
          },
          {
            "name": "winamp-ultravox-bo(29804)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29804"
          },
          {
            "name": "VU#449092",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/449092"
          },
          {
            "name": "1017120",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017120"
          },
          {
            "name": "ADV-2006-4196",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4196"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.winamp.com/player/version_history.php#5.31"
          },
          {
            "name": "20061025 AOL Nullsoft Winamp Ultravox \u0027ultravox-max-msg\u0027 Header Heap Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=431"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:15686",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15686"
        },
        {
          "name": "1017119",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017119"
        },
        {
          "name": "20061025 AOL Nullsoft Winamp Lyrics3 v2.00 tags Heap Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=432"
        },
        {
          "name": "winamp-lyrics3-bo(29807)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29807"
        },
        {
          "name": "22580",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22580"
        },
        {
          "name": "20744",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20744"
        },
        {
          "name": "winamp-ultravox-bo(29804)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29804"
        },
        {
          "name": "VU#449092",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/449092"
        },
        {
          "name": "1017120",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017120"
        },
        {
          "name": "ADV-2006-4196",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4196"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.winamp.com/player/version_history.php#5.31"
        },
        {
          "name": "20061025 AOL Nullsoft Winamp Ultravox \u0027ultravox-max-msg\u0027 Header Heap Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=431"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5567",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:15686",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15686"
            },
            {
              "name": "1017119",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017119"
            },
            {
              "name": "20061025 AOL Nullsoft Winamp Lyrics3 v2.00 tags Heap Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=432"
            },
            {
              "name": "winamp-lyrics3-bo(29807)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29807"
            },
            {
              "name": "22580",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22580"
            },
            {
              "name": "20744",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20744"
            },
            {
              "name": "winamp-ultravox-bo(29804)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29804"
            },
            {
              "name": "VU#449092",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/449092"
            },
            {
              "name": "1017120",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017120"
            },
            {
              "name": "ADV-2006-4196",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4196"
            },
            {
              "name": "http://www.winamp.com/player/version_history.php#5.31",
              "refsource": "CONFIRM",
              "url": "http://www.winamp.com/player/version_history.php#5.31"
            },
            {
              "name": "20061025 AOL Nullsoft Winamp Ultravox \u0027ultravox-max-msg\u0027 Header Heap Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=431"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5567",
    "datePublished": "2006-10-27T16:00:00",
    "dateReserved": "2006-10-27T00:00:00",
    "dateUpdated": "2024-08-07T19:55:53.414Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1831
Vulnerability from cvelistv5
Published
2009-05-29 22:00
Modified
2024-08-07 05:27
Severity ?
Summary
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:27:54.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35052",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35052"
          },
          {
            "name": "8783",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8783"
          },
          {
            "name": "winamp-maki-overflow(50664)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50664"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html"
          },
          {
            "name": "oval:org.mitre.oval:def:15683",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15683"
          },
          {
            "name": "8770",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8770"
          },
          {
            "name": "8767",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8767"
          },
          {
            "name": "8772",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8772"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "35052",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35052"
        },
        {
          "name": "8783",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8783"
        },
        {
          "name": "winamp-maki-overflow(50664)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50664"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html"
        },
        {
          "name": "oval:org.mitre.oval:def:15683",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15683"
        },
        {
          "name": "8770",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8770"
        },
        {
          "name": "8767",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8767"
        },
        {
          "name": "8772",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8772"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1831",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35052",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35052"
            },
            {
              "name": "8783",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8783"
            },
            {
              "name": "winamp-maki-overflow(50664)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50664"
            },
            {
              "name": "http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html",
              "refsource": "MISC",
              "url": "http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html"
            },
            {
              "name": "oval:org.mitre.oval:def:15683",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15683"
            },
            {
              "name": "8770",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8770"
            },
            {
              "name": "8767",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8767"
            },
            {
              "name": "8772",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8772"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1831",
    "datePublished": "2009-05-29T22:00:00",
    "dateReserved": "2009-05-29T00:00:00",
    "dateUpdated": "2024-08-07T05:27:54.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-1272
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-08 02:19
Severity ?
Summary
Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:19:46.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030104 WinAmp v.3.0: buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
          },
          {
            "name": "6515",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6515"
          },
          {
            "name": "winamp-b4s-playlistname-bo(10980)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10980.php"
          },
          {
            "name": "winamp-b4s-path-bo(10981)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10981"
          },
          {
            "name": "6516",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6516"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030104 WinAmp v.3.0: buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
        },
        {
          "name": "6515",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6515"
        },
        {
          "name": "winamp-b4s-playlistname-bo(10980)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10980.php"
        },
        {
          "name": "winamp-b4s-path-bo(10981)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10981"
        },
        {
          "name": "6516",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6516"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-1272",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030104 WinAmp v.3.0: buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
            },
            {
              "name": "6515",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6515"
            },
            {
              "name": "winamp-b4s-playlistname-bo(10980)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10980.php"
            },
            {
              "name": "winamp-b4s-path-bo(10981)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10981"
            },
            {
              "name": "6516",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6516"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-1272",
    "datePublished": "2005-11-16T07:37:00",
    "dateReserved": "2005-11-16T00:00:00",
    "dateUpdated": "2024-08-08T02:19:46.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-1177
Vulnerability from cvelistv5
Published
2002-12-20 05:00
Modified
2024-08-08 03:19
Severity ?
Summary
Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.
References
http://www.securityfocus.com/bid/6429vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=104025874209567&w=2mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:19:27.609Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "6429",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6429"
          },
          {
            "name": "20021219 Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104025874209567\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-12-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "6429",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6429"
        },
        {
          "name": "20021219 Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104025874209567\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1177",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "6429",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6429"
            },
            {
              "name": "20021219 Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104025874209567\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1177",
    "datePublished": "2002-12-20T05:00:00",
    "dateReserved": "2002-09-30T00:00:00",
    "dateUpdated": "2024-08-08T03:19:27.609Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-1523
Vulnerability from cvelistv5
Published
2010-11-05 22:00
Modified
2024-08-07 01:28
Severity ?
Summary
Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:41.811Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "44466",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44466"
          },
          {
            "name": "oval:org.mitre.oval:def:12056",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12056"
          },
          {
            "name": "20101027 Secunia Research: Winamp VP6 Content Parsing Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/514484/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2010-95/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?t=322995"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "44466",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44466"
        },
        {
          "name": "oval:org.mitre.oval:def:12056",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12056"
        },
        {
          "name": "20101027 Secunia Research: Winamp VP6 Content Parsing Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/514484/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2010-95/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?t=322995"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2010-1523",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "44466",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44466"
            },
            {
              "name": "oval:org.mitre.oval:def:12056",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12056"
            },
            {
              "name": "20101027 Secunia Research: Winamp VP6 Content Parsing Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/514484/100/0/threaded"
            },
            {
              "name": "http://secunia.com/secunia_research/2010-95/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2010-95/"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?t=322995",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?t=322995"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2010-1523",
    "datePublished": "2010-11-05T22:00:00",
    "dateReserved": "2010-04-26T00:00:00",
    "dateUpdated": "2024-08-07T01:28:41.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3997
Vulnerability from cvelistv5
Published
2009-12-18 18:00
Modified
2024-08-07 06:45
Severity ?
Summary
Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:50.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=315355"
          },
          {
            "name": "20091217 Secunia Research: Winamp Oktalyzer Parsing Integer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508524/100/0/threaded"
          },
          {
            "name": "37374",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37374"
          },
          {
            "name": "oval:org.mitre.oval:def:15715",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15715"
          },
          {
            "name": "37495",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37495"
          },
          {
            "name": "ADV-2009-3575",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3575"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-57/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=315355"
        },
        {
          "name": "20091217 Secunia Research: Winamp Oktalyzer Parsing Integer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508524/100/0/threaded"
        },
        {
          "name": "37374",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37374"
        },
        {
          "name": "oval:org.mitre.oval:def:15715",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15715"
        },
        {
          "name": "37495",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37495"
        },
        {
          "name": "ADV-2009-3575",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3575"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-57/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2009-3997",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=315355",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=315355"
            },
            {
              "name": "20091217 Secunia Research: Winamp Oktalyzer Parsing Integer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508524/100/0/threaded"
            },
            {
              "name": "37374",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37374"
            },
            {
              "name": "oval:org.mitre.oval:def:15715",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15715"
            },
            {
              "name": "37495",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37495"
            },
            {
              "name": "ADV-2009-3575",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3575"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-57/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-57/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2009-3997",
    "datePublished": "2009-12-18T18:00:00",
    "dateReserved": "2009-11-19T00:00:00",
    "dateUpdated": "2024-08-07T06:45:50.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-1273
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-08 02:19
Severity ?
Summary
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:19:46.070Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030104 WinAmp v.3.0: buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
          },
          {
            "name": "winamp-b4s-playlistname-dos(10982)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10982"
          },
          {
            "name": "6517",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6517"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030104 WinAmp v.3.0: buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
        },
        {
          "name": "winamp-b4s-playlistname-dos(10982)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10982"
        },
        {
          "name": "6517",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6517"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-1273",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030104 WinAmp v.3.0: buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html"
            },
            {
              "name": "winamp-b4s-playlistname-dos(10982)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10982"
            },
            {
              "name": "6517",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6517"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-1273",
    "datePublished": "2005-11-16T07:37:00",
    "dateReserved": "2005-11-16T00:00:00",
    "dateUpdated": "2024-08-08T02:19:46.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-0708
Vulnerability from cvelistv5
Published
2006-02-15 11:00
Modified
2024-08-07 16:41
Severity ?
Summary
Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:41:29.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "16623",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16623"
          },
          {
            "name": "20060213 New winamp m3u/pls .WMA \u0026 .M3U Extension overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/424903/100/0/threaded"
          },
          {
            "name": "winamp-m3u-wma-bo(24740)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24740"
          },
          {
            "name": "ADV-2006-0613",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0613"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?s=\u0026threadid=238648"
          },
          {
            "name": "444",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/444"
          },
          {
            "name": "492",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/492"
          },
          {
            "name": "winamp-m3u-filename-bo(24741)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24741"
          },
          {
            "name": "winamp-pls-file1-bo(24739)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24739"
          },
          {
            "name": "1015621",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015621"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "16623",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16623"
        },
        {
          "name": "20060213 New winamp m3u/pls .WMA \u0026 .M3U Extension overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/424903/100/0/threaded"
        },
        {
          "name": "winamp-m3u-wma-bo(24740)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24740"
        },
        {
          "name": "ADV-2006-0613",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0613"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://forums.winamp.com/showthread.php?s=\u0026threadid=238648"
        },
        {
          "name": "444",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/444"
        },
        {
          "name": "492",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/492"
        },
        {
          "name": "winamp-m3u-filename-bo(24741)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24741"
        },
        {
          "name": "winamp-pls-file1-bo(24739)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24739"
        },
        {
          "name": "1015621",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015621"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0708",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "16623",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16623"
            },
            {
              "name": "20060213 New winamp m3u/pls .WMA \u0026 .M3U Extension overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/424903/100/0/threaded"
            },
            {
              "name": "winamp-m3u-wma-bo(24740)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24740"
            },
            {
              "name": "ADV-2006-0613",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0613"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?s=\u0026threadid=238648",
              "refsource": "MISC",
              "url": "http://forums.winamp.com/showthread.php?s=\u0026threadid=238648"
            },
            {
              "name": "444",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/444"
            },
            {
              "name": "492",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/492"
            },
            {
              "name": "winamp-m3u-filename-bo(24741)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24741"
            },
            {
              "name": "winamp-pls-file1-bo(24739)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24739"
            },
            {
              "name": "1015621",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015621"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0708",
    "datePublished": "2006-02-15T11:00:00",
    "dateReserved": "2006-02-15T00:00:00",
    "dateUpdated": "2024-08-07T16:41:29.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4371
Vulnerability from cvelistv5
Published
2010-12-02 16:00
Modified
2024-08-07 03:43
Severity ?
Summary
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:43:14.779Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=159785"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?t=324322"
          },
          {
            "name": "oval:org.mitre.oval:def:12309",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12309"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=159785"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?t=324322"
        },
        {
          "name": "oval:org.mitre.oval:def:12309",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12309"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4371",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=159785",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=159785"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?t=324322",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?t=324322"
            },
            {
              "name": "oval:org.mitre.oval:def:12309",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12309"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4371",
    "datePublished": "2010-12-02T16:00:00",
    "dateReserved": "2010-12-02T00:00:00",
    "dateUpdated": "2024-08-07T03:43:14.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-1150
Vulnerability from cvelistv5
Published
2005-01-29 05:00
Modified
2024-08-08 00:39
Severity ?
Summary
Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:39:00.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "winamp-incdda-bo(18840)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18840"
          },
          {
            "name": "12381",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/12381"
          },
          {
            "name": "13781",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13781"
          },
          {
            "name": "20050127 NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device Name",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110684140108614\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nsfocus.com/english/homepage/research/0501.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.winamp.com/player/version_history.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-01-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "winamp-incdda-bo(18840)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18840"
        },
        {
          "name": "12381",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/12381"
        },
        {
          "name": "13781",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13781"
        },
        {
          "name": "20050127 NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device Name",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110684140108614\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nsfocus.com/english/homepage/research/0501.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.winamp.com/player/version_history.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1150",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "winamp-incdda-bo(18840)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18840"
            },
            {
              "name": "12381",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/12381"
            },
            {
              "name": "13781",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13781"
            },
            {
              "name": "20050127 NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device Name",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110684140108614\u0026w=2"
            },
            {
              "name": "http://www.nsfocus.com/english/homepage/research/0501.htm",
              "refsource": "MISC",
              "url": "http://www.nsfocus.com/english/homepage/research/0501.htm"
            },
            {
              "name": "http://www.winamp.com/player/version_history.php",
              "refsource": "CONFIRM",
              "url": "http://www.winamp.com/player/version_history.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1150",
    "datePublished": "2005-01-29T05:00:00",
    "dateReserved": "2004-12-07T00:00:00",
    "dateUpdated": "2024-08-08T00:39:00.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-2392
Vulnerability from cvelistv5
Published
2007-10-31 16:00
Modified
2024-09-17 01:27
Severity ?
Summary
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
References
http://www.securityfocus.com/bid/5266vdb-entry, x_refsource_BID
http://seclists.org/bugtraq/2002/Jul/0205.htmlmailing-list, x_refsource_BUGTRAQ
http://www.iss.net/security_center/static/9630.phpvdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:59:11.970Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "5266",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5266"
          },
          {
            "name": "20020717 WINAMP also allows execution of arbitrary code (probably a lot more programs aswell)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2002/Jul/0205.html"
          },
          {
            "name": "winamp-wsz-code-execution(9630)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9630.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-10-31T16:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "5266",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5266"
        },
        {
          "name": "20020717 WINAMP also allows execution of arbitrary code (probably a lot more programs aswell)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2002/Jul/0205.html"
        },
        {
          "name": "winamp-wsz-code-execution(9630)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9630.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-2392",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "5266",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5266"
            },
            {
              "name": "20020717 WINAMP also allows execution of arbitrary code (probably a lot more programs aswell)",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2002/Jul/0205.html"
            },
            {
              "name": "winamp-wsz-code-execution(9630)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9630.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-2392",
    "datePublished": "2007-10-31T16:00:00Z",
    "dateReserved": "2007-10-31T00:00:00Z",
    "dateUpdated": "2024-09-17T01:27:05.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-0049
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-08 05:05
Severity ?
Summary
Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.
References
http://www.securityfocus.com/bid/925vdb-entry, x_refsource_BID
http://www.osvdb.org/12022vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:05:53.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "925",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/925"
          },
          {
            "name": "12022",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/12022"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-11-15T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "925",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/925"
        },
        {
          "name": "12022",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/12022"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0049",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "925",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/925"
            },
            {
              "name": "12022",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/12022"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0049",
    "datePublished": "2000-02-04T05:00:00",
    "dateReserved": "2000-01-22T00:00:00",
    "dateUpdated": "2024-08-08T05:05:53.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1791
Vulnerability from cvelistv5
Published
2009-05-26 17:00
Modified
2024-08-07 05:27
Severity ?
Summary
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.
References
http://www.mandriva.com/security/advisories?name=MDVSA-2009:132vendor-advisory, x_refsource_MANDRIVA
http://www.mega-nerd.com/libsndfile/x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/1324vdb-entry, x_refsource_VUPEN
http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/x_refsource_CONFIRM
http://secunia.com/advisories/35247third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1814vendor-advisory, x_refsource_DEBIAN
https://exchange.xforce.ibmcloud.com/vulnerabilities/50541vdb-entry, x_refsource_XF
http://secunia.com/advisories/35076third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200905-09.xmlvendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/34978vdb-entry, x_refsource_BID
http://secunia.com/advisories/35443third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:27:54.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2009:132",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mega-nerd.com/libsndfile/"
          },
          {
            "name": "ADV-2009-1324",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1324"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
          },
          {
            "name": "35247",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35247"
          },
          {
            "name": "DSA-1814",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1814"
          },
          {
            "name": "libsndfile-aiff-voc-bo(50541)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
          },
          {
            "name": "35076",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35076"
          },
          {
            "name": "GLSA-200905-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
          },
          {
            "name": "34978",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34978"
          },
          {
            "name": "35443",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35443"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDVSA-2009:132",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mega-nerd.com/libsndfile/"
        },
        {
          "name": "ADV-2009-1324",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1324"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
        },
        {
          "name": "35247",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35247"
        },
        {
          "name": "DSA-1814",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1814"
        },
        {
          "name": "libsndfile-aiff-voc-bo(50541)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
        },
        {
          "name": "35076",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35076"
        },
        {
          "name": "GLSA-200905-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
        },
        {
          "name": "34978",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34978"
        },
        {
          "name": "35443",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35443"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1791",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2009:132",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
            },
            {
              "name": "http://www.mega-nerd.com/libsndfile/",
              "refsource": "CONFIRM",
              "url": "http://www.mega-nerd.com/libsndfile/"
            },
            {
              "name": "ADV-2009-1324",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1324"
            },
            {
              "name": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/",
              "refsource": "CONFIRM",
              "url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
            },
            {
              "name": "35247",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35247"
            },
            {
              "name": "DSA-1814",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1814"
            },
            {
              "name": "libsndfile-aiff-voc-bo(50541)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
            },
            {
              "name": "35076",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35076"
            },
            {
              "name": "GLSA-200905-09",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
            },
            {
              "name": "34978",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34978"
            },
            {
              "name": "35443",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35443"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1791",
    "datePublished": "2009-05-26T17:00:00",
    "dateReserved": "2009-05-26T00:00:00",
    "dateUpdated": "2024-08-07T05:27:54.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-0476
Vulnerability from cvelistv5
Published
2006-01-31 11:00
Modified
2024-08-07 16:34
Severity ?
Summary
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
References
http://securityreason.com/securityalert/398third-party-advisory, x_refsource_SREASON
https://exchange.xforce.ibmcloud.com/vulnerabilities/24361vdb-entry, x_refsource_XF
http://securityreason.com/securityalert/386third-party-advisory, x_refsource_SREASON
http://securitytracker.com/id?1015552vdb-entry, x_refsource_SECTRACK
https://www.exploit-db.com/exploits/3422exploit, x_refsource_EXPLOIT-DB
http://secunia.com/advisories/18649third-party-advisory, x_refsource_SECUNIA
http://www.heise.de/newsticker/meldung/68981x_refsource_MISC
http://www.vupen.com/english/advisories/2006/0361vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/423548/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1402vdb-entry, signature, x_refsource_OVAL
http://www.winamp.com/player/version_history.phpx_refsource_MISC
http://www.securityfocus.com/archive/1/423436/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/16410vdb-entry, x_refsource_BID
http://www.osvdb.org/22789vdb-entry, x_refsource_OSVDB
http://www.us-cert.gov/cas/techalerts/TA06-032A.htmlthird-party-advisory, x_refsource_CERT
http://www.kb.cert.org/vuls/id/604745third-party-advisory, x_refsource_CERT-VN
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:34:14.837Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/398"
          },
          {
            "name": "winamp-playlist-filename-bo(24361)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24361"
          },
          {
            "name": "386",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/386"
          },
          {
            "name": "1015552",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015552"
          },
          {
            "name": "3422",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/3422"
          },
          {
            "name": "18649",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18649"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.heise.de/newsticker/meldung/68981"
          },
          {
            "name": "ADV-2006-0361",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0361"
          },
          {
            "name": "20060131 Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/423548/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:1402",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1402"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.winamp.com/player/version_history.php"
          },
          {
            "name": "20060130 Winamp 5.12 - 0day exploit - code execution through playlist",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/423436/100/0/threaded"
          },
          {
            "name": "16410",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16410"
          },
          {
            "name": "22789",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/22789"
          },
          {
            "name": "TA06-032A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-032A.html"
          },
          {
            "name": "VU#604745",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/604745"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-01-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/398"
        },
        {
          "name": "winamp-playlist-filename-bo(24361)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24361"
        },
        {
          "name": "386",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/386"
        },
        {
          "name": "1015552",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015552"
        },
        {
          "name": "3422",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/3422"
        },
        {
          "name": "18649",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18649"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.heise.de/newsticker/meldung/68981"
        },
        {
          "name": "ADV-2006-0361",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0361"
        },
        {
          "name": "20060131 Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/423548/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:1402",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1402"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.winamp.com/player/version_history.php"
        },
        {
          "name": "20060130 Winamp 5.12 - 0day exploit - code execution through playlist",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/423436/100/0/threaded"
        },
        {
          "name": "16410",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16410"
        },
        {
          "name": "22789",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/22789"
        },
        {
          "name": "TA06-032A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-032A.html"
        },
        {
          "name": "VU#604745",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/604745"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0476",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "398",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/398"
            },
            {
              "name": "winamp-playlist-filename-bo(24361)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24361"
            },
            {
              "name": "386",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/386"
            },
            {
              "name": "1015552",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015552"
            },
            {
              "name": "3422",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/3422"
            },
            {
              "name": "18649",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18649"
            },
            {
              "name": "http://www.heise.de/newsticker/meldung/68981",
              "refsource": "MISC",
              "url": "http://www.heise.de/newsticker/meldung/68981"
            },
            {
              "name": "ADV-2006-0361",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0361"
            },
            {
              "name": "20060131 Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/423548/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:1402",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1402"
            },
            {
              "name": "http://www.winamp.com/player/version_history.php",
              "refsource": "MISC",
              "url": "http://www.winamp.com/player/version_history.php"
            },
            {
              "name": "20060130 Winamp 5.12 - 0day exploit - code execution through playlist",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/423436/100/0/threaded"
            },
            {
              "name": "16410",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16410"
            },
            {
              "name": "22789",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/22789"
            },
            {
              "name": "TA06-032A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-032A.html"
            },
            {
              "name": "VU#604745",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/604745"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0476",
    "datePublished": "2006-01-31T11:00:00",
    "dateReserved": "2006-01-31T00:00:00",
    "dateUpdated": "2024-08-07T16:34:14.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-3567
Vulnerability from cvelistv5
Published
2008-08-10 20:00
Modified
2024-08-07 09:45
Severity ?
Summary
Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:45:18.499Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:15716",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15716"
          },
          {
            "name": "winamp-nowplaying-unspecified(44207)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44207"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?threadid=295505"
          },
          {
            "name": "31371",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31371"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.watchfire.com/wfblog/2008/09/winamp-nowplayi.html"
          },
          {
            "name": "30539",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30539"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:15716",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15716"
        },
        {
          "name": "winamp-nowplaying-unspecified(44207)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44207"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?threadid=295505"
        },
        {
          "name": "31371",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31371"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.watchfire.com/wfblog/2008/09/winamp-nowplayi.html"
        },
        {
          "name": "30539",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30539"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3567",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:15716",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15716"
            },
            {
              "name": "winamp-nowplaying-unspecified(44207)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44207"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?threadid=295505",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?threadid=295505"
            },
            {
              "name": "31371",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31371"
            },
            {
              "name": "http://blog.watchfire.com/wfblog/2008/09/winamp-nowplayi.html",
              "refsource": "MISC",
              "url": "http://blog.watchfire.com/wfblog/2008/09/winamp-nowplayi.html"
            },
            {
              "name": "30539",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30539"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3567",
    "datePublished": "2008-08-10T20:00:00",
    "dateReserved": "2008-08-10T00:00:00",
    "dateUpdated": "2024-08-07T09:45:18.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-1396
Vulnerability from cvelistv5
Published
2005-02-12 05:00
Modified
2024-08-08 00:53
Severity ?
Summary
Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:53:22.742Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "11909",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11909"
          },
          {
            "name": "VU#372968",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/372968"
          },
          {
            "name": "winamp-nsa-nsv-dos(18467)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18467"
          },
          {
            "name": "winamp-mp4-m4a-dos(18466)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18466"
          },
          {
            "name": "1012525",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/alerts/2004/Dec/1012525.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?s=\u0026threadid=202007"
          },
          {
            "name": "20041213 Winamp 5.07 (latest version) Remote Crash + other",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=110303988101973\u0026w=2"
          },
          {
            "name": "20041213 Winamp 5.07 (latest version) Remote Crash + other stupid shizle",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=110297310503541\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "11909",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11909"
        },
        {
          "name": "VU#372968",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/372968"
        },
        {
          "name": "winamp-nsa-nsv-dos(18467)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18467"
        },
        {
          "name": "winamp-mp4-m4a-dos(18466)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18466"
        },
        {
          "name": "1012525",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/alerts/2004/Dec/1012525.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?s=\u0026threadid=202007"
        },
        {
          "name": "20041213 Winamp 5.07 (latest version) Remote Crash + other",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=110303988101973\u0026w=2"
        },
        {
          "name": "20041213 Winamp 5.07 (latest version) Remote Crash + other stupid shizle",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=110297310503541\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1396",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "11909",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11909"
            },
            {
              "name": "VU#372968",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/372968"
            },
            {
              "name": "winamp-nsa-nsv-dos(18467)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18467"
            },
            {
              "name": "winamp-mp4-m4a-dos(18466)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18466"
            },
            {
              "name": "1012525",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/alerts/2004/Dec/1012525.html"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?s=\u0026threadid=202007",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?s=\u0026threadid=202007"
            },
            {
              "name": "20041213 Winamp 5.07 (latest version) Remote Crash + other",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=110303988101973\u0026w=2"
            },
            {
              "name": "20041213 Winamp 5.07 (latest version) Remote Crash + other stupid shizle",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=110297310503541\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1396",
    "datePublished": "2005-02-12T05:00:00",
    "dateReserved": "2005-02-12T00:00:00",
    "dateUpdated": "2024-08-08T00:53:22.742Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3442
Vulnerability from cvelistv5
Published
2014-05-23 14:00
Modified
2024-08-06 10:43
Severity ?
Summary
Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:06.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "winamp-cve20143442-code-exec(93173)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93173"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/126636"
          },
          {
            "name": "67429",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67429"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "winamp-cve20143442-code-exec(93173)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93173"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/126636"
        },
        {
          "name": "67429",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67429"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3442",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "winamp-cve20143442-code-exec(93173)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93173"
            },
            {
              "name": "http://packetstormsecurity.com/files/126636",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/126636"
            },
            {
              "name": "67429",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67429"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3442",
    "datePublished": "2014-05-23T14:00:00",
    "dateReserved": "2014-05-09T00:00:00",
    "dateUpdated": "2024-08-06T10:43:06.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3890
Vulnerability from cvelistv5
Published
2012-07-11 10:00
Modified
2024-08-06 20:21
Severity ?
Summary
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:03.873Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?t=345684"
          },
          {
            "name": "46624",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46624"
          },
          {
            "name": "oval:org.mitre.oval:def:15553",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15553"
          },
          {
            "name": "54131",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54131"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?t=345684"
        },
        {
          "name": "46624",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46624"
        },
        {
          "name": "oval:org.mitre.oval:def:15553",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15553"
        },
        {
          "name": "54131",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54131"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3890",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forums.winamp.com/showthread.php?t=345684",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?t=345684"
            },
            {
              "name": "46624",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46624"
            },
            {
              "name": "oval:org.mitre.oval:def:15553",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15553"
            },
            {
              "name": "54131",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/54131"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3890",
    "datePublished": "2012-07-11T10:00:00",
    "dateReserved": "2012-07-10T00:00:00",
    "dateUpdated": "2024-08-06T20:21:03.873Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-4045
Vulnerability from cvelistv5
Published
2012-07-22 17:00
Modified
2024-08-06 20:21
Severity ?
Summary
Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.211Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:15335",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15335"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.winamp.com/showthread.php?t=345684"
          },
          {
            "name": "46624",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46624"
          },
          {
            "name": "54131",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54131"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:15335",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15335"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.winamp.com/showthread.php?t=345684"
        },
        {
          "name": "46624",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46624"
        },
        {
          "name": "54131",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54131"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4045",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:15335",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15335"
            },
            {
              "name": "http://forums.winamp.com/showthread.php?t=345684",
              "refsource": "CONFIRM",
              "url": "http://forums.winamp.com/showthread.php?t=345684"
            },
            {
              "name": "46624",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46624"
            },
            {
              "name": "54131",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/54131"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-4045",
    "datePublished": "2012-07-22T17:00:00",
    "dateReserved": "2012-07-22T00:00:00",
    "dateUpdated": "2024-08-06T20:21:04.211Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-2412
Vulnerability from cvelistv5
Published
2007-11-01 17:00
Modified
2024-09-17 03:27
Severity ?
Summary
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
References
http://online.securityfocus.com/archive/1/273257mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/4781vdb-entry, x_refsource_BID
http://www.iss.net/security_center/static/9114.phpvdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:06:54.514Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20020519 Plain Text Password Vulnerability in Winamp 2.80",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/273257"
          },
          {
            "name": "4781",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4781"
          },
          {
            "name": "winamp-plaintext-password(9114)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9114.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-11-01T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20020519 Plain Text Password Vulnerability in Winamp 2.80",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/273257"
        },
        {
          "name": "4781",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4781"
        },
        {
          "name": "winamp-plaintext-password(9114)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9114.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-2412",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20020519 Plain Text Password Vulnerability in Winamp 2.80",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/273257"
            },
            {
              "name": "4781",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4781"
            },
            {
              "name": "winamp-plaintext-password(9114)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9114.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-2412",
    "datePublished": "2007-11-01T17:00:00Z",
    "dateReserved": "2007-11-01T00:00:00Z",
    "dateUpdated": "2024-09-17T03:27:38.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0263
Vulnerability from cvelistv5
Published
2009-01-23 18:38
Modified
2024-08-07 04:24
Severity ?
Summary
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14756vdb-entry, signature, x_refsource_OVAL
http://www.vupen.com/english/advisories/2009/0113vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/33226vdb-entry, x_refsource_BID
http://secunia.com/advisories/33478third-party-advisory, x_refsource_SECUNIA
https://www.exploit-db.com/exploits/7742exploit, x_refsource_EXPLOIT-DB
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:18.509Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:14756",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14756"
          },
          {
            "name": "ADV-2009-0113",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0113"
          },
          {
            "name": "33226",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33226"
          },
          {
            "name": "33478",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33478"
          },
          {
            "name": "7742",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/7742"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:14756",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14756"
        },
        {
          "name": "ADV-2009-0113",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0113"
        },
        {
          "name": "33226",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33226"
        },
        {
          "name": "33478",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33478"
        },
        {
          "name": "7742",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/7742"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0263",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:14756",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14756"
            },
            {
              "name": "ADV-2009-0113",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0113"
            },
            {
              "name": "33226",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33226"
            },
            {
              "name": "33478",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33478"
            },
            {
              "name": "7742",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/7742"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0263",
    "datePublished": "2009-01-23T18:38:00",
    "dateReserved": "2009-01-23T00:00:00",
    "dateUpdated": "2024-08-07T04:24:18.509Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-1922
Vulnerability from cvelistv5
Published
2007-04-10 23:00
Modified
2024-08-07 13:13
Severity ?
Summary
The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:13:41.662Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017886",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017886"
          },
          {
            "name": "winamp-inmod-code-execution(33480)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33480"
          },
          {
            "name": "[dailydave] 20070406 AOL Nullsoft Winamp S3M Module \"IN_MOD.DLL\" Remote Heap Memory Corruption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=dailydave\u0026m=117590046601511\u0026w=2"
          },
          {
            "name": "[dailydave] 20070406 AOL Nullsoft Winamp IT Module \"IN_MOD.DLL\" Remote Heap Memory Corruption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=dailydave\u0026m=117589949000906\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt"
          },
          {
            "name": "ADV-2007-1286",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1286"
          },
          {
            "name": "34430",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34430"
          },
          {
            "name": "34431",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34431"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt"
          },
          {
            "name": "20070406 AOL Nullsoft Winamp IT Module \"IN_MOD.DLL\" Remote Heap Memory Corruption",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/464893/100/0/threaded"
          },
          {
            "name": "20070406 AOL Nullsoft Winamp S3M Module \"IN_MOD.DLL\" Remote Heap Memory Corruption",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/464890/100/0/threaded"
          },
          {
            "name": "23350",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23350"
          },
          {
            "name": "2532",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2532"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017886",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017886"
        },
        {
          "name": "winamp-inmod-code-execution(33480)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33480"
        },
        {
          "name": "[dailydave] 20070406 AOL Nullsoft Winamp S3M Module \"IN_MOD.DLL\" Remote Heap Memory Corruption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=dailydave\u0026m=117590046601511\u0026w=2"
        },
        {
          "name": "[dailydave] 20070406 AOL Nullsoft Winamp IT Module \"IN_MOD.DLL\" Remote Heap Memory Corruption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=dailydave\u0026m=117589949000906\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt"
        },
        {
          "name": "ADV-2007-1286",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1286"
        },
        {
          "name": "34430",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34430"
        },
        {
          "name": "34431",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34431"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt"
        },
        {
          "name": "20070406 AOL Nullsoft Winamp IT Module \"IN_MOD.DLL\" Remote Heap Memory Corruption",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/464893/100/0/threaded"
        },
        {
          "name": "20070406 AOL Nullsoft Winamp S3M Module \"IN_MOD.DLL\" Remote Heap Memory Corruption",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/464890/100/0/threaded"
        },
        {
          "name": "23350",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23350"
        },
        {
          "name": "2532",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2532"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1922",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017886",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017886"
            },
            {
              "name": "winamp-inmod-code-execution(33480)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33480"
            },
            {
              "name": "[dailydave] 20070406 AOL Nullsoft Winamp S3M Module \"IN_MOD.DLL\" Remote Heap Memory Corruption",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=dailydave\u0026m=117590046601511\u0026w=2"
            },
            {
              "name": "[dailydave] 20070406 AOL Nullsoft Winamp IT Module \"IN_MOD.DLL\" Remote Heap Memory Corruption",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=dailydave\u0026m=117589949000906\u0026w=2"
            },
            {
              "name": "http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt",
              "refsource": "MISC",
              "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt"
            },
            {
              "name": "ADV-2007-1286",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1286"
            },
            {
              "name": "34430",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34430"
            },
            {
              "name": "34431",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34431"
            },
            {
              "name": "http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt",
              "refsource": "MISC",
              "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt"
            },
            {
              "name": "20070406 AOL Nullsoft Winamp IT Module \"IN_MOD.DLL\" Remote Heap Memory Corruption",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/464893/100/0/threaded"
            },
            {
              "name": "20070406 AOL Nullsoft Winamp S3M Module \"IN_MOD.DLL\" Remote Heap Memory Corruption",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/464890/100/0/threaded"
            },
            {
              "name": "23350",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23350"
            },
            {
              "name": "2532",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2532"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1922",
    "datePublished": "2007-04-10T23:00:00",
    "dateReserved": "2007-04-10T00:00:00",
    "dateUpdated": "2024-08-07T13:13:41.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-2180
Vulnerability from cvelistv5
Published
2007-04-24 17:00
Modified
2024-08-07 13:23
Severity ?
Summary
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:23:51.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:15697",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15697"
          },
          {
            "name": "3768",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/3768"
          },
          {
            "name": "2601",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2601"
          },
          {
            "name": "23568",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23568"
          },
          {
            "name": "winamp-wmv-bo(33764)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33764"
          },
          {
            "name": "20070419 Winamp \u003c= (WMV) 5.3 Buffer Overflow DOS Exploit (0-DAY)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/466291/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:15697",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15697"
        },
        {
          "name": "3768",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/3768"
        },
        {
          "name": "2601",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2601"
        },
        {
          "name": "23568",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23568"
        },
        {
          "name": "winamp-wmv-bo(33764)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33764"
        },
        {
          "name": "20070419 Winamp \u003c= (WMV) 5.3 Buffer Overflow DOS Exploit (0-DAY)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/466291/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2180",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:15697",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15697"
            },
            {
              "name": "3768",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/3768"
            },
            {
              "name": "2601",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2601"
            },
            {
              "name": "23568",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23568"
            },
            {
              "name": "winamp-wmv-bo(33764)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33764"
            },
            {
              "name": "20070419 Winamp \u003c= (WMV) 5.3 Buffer Overflow DOS Exploit (0-DAY)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/466291/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2180",
    "datePublished": "2007-04-24T17:00:00",
    "dateReserved": "2007-04-24T00:00:00",
    "dateUpdated": "2024-08-07T13:23:51.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-2310
Vulnerability from cvelistv5
Published
2005-07-19 04:00
Modified
2024-08-07 22:22
Severity ?
Summary
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
References
http://www.securityfocus.com/bid/14276vdb-entry, x_refsource_BID
http://securitytracker.com/id?1014483vdb-entry, x_refsource_SECTRACK
http://www.osvdb.org/17897vdb-entry, x_refsource_OSVDB
http://www.vupen.com/english/advisories/2005/1106vdb-entry, x_refsource_VUPEN
http://security.lss.hr/index.php?page=details&ID=LSS-2005-07-14x_refsource_MISC
http://secunia.com/advisories/16077third-party-advisory, x_refsource_SECUNIA
http://www.winamp.com/player/version_history.phpx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:22:48.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "14276",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/14276"
          },
          {
            "name": "1014483",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1014483"
          },
          {
            "name": "17897",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/17897"
          },
          {
            "name": "ADV-2005-1106",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/1106"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://security.lss.hr/index.php?page=details\u0026ID=LSS-2005-07-14"
          },
          {
            "name": "16077",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16077"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.winamp.com/player/version_history.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-01-17T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "14276",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/14276"
        },
        {
          "name": "1014483",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1014483"
        },
        {
          "name": "17897",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/17897"
        },
        {
          "name": "ADV-2005-1106",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/1106"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://security.lss.hr/index.php?page=details\u0026ID=LSS-2005-07-14"
        },
        {
          "name": "16077",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16077"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.winamp.com/player/version_history.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-2310",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "14276",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/14276"
            },
            {
              "name": "1014483",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1014483"
            },
            {
              "name": "17897",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/17897"
            },
            {
              "name": "ADV-2005-1106",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/1106"
            },
            {
              "name": "http://security.lss.hr/index.php?page=details\u0026ID=LSS-2005-07-14",
              "refsource": "MISC",
              "url": "http://security.lss.hr/index.php?page=details\u0026ID=LSS-2005-07-14"
            },
            {
              "name": "16077",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/16077"
            },
            {
              "name": "http://www.winamp.com/player/version_history.php",
              "refsource": "CONFIRM",
              "url": "http://www.winamp.com/player/version_history.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-2310",
    "datePublished": "2005-07-19T04:00:00",
    "dateReserved": "2005-07-19T00:00:00",
    "dateUpdated": "2024-08-07T22:22:48.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-1921
Vulnerability from cvelistv5
Published
2007-04-10 23:00
Modified
2024-08-07 13:13
Severity ?
Summary
LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption.
References
http://osvdb.org/34432vdb-entry, x_refsource_OSVDB
http://www.securitytracker.com/id?1017886vdb-entry, x_refsource_SECTRACK
http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txtx_refsource_MISC
http://www.securityfocus.com/archive/1/464889/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2007/1286vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/33481vdb-entry, x_refsource_XF
http://securityreason.com/securityalert/2541third-party-advisory, x_refsource_SREASON
http://secunia.com/advisories/24766third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=dailydave&m=117589848432659&w=2mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/23351vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:13:41.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "34432",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34432"
          },
          {
            "name": "1017886",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017886"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt"
          },
          {
            "name": "20070406 AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/464889/100/0/threaded"
          },
          {
            "name": "ADV-2007-1286",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1286"
          },
          {
            "name": "winamp-libsndfile-code-execution(33481)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33481"
          },
          {
            "name": "2541",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2541"
          },
          {
            "name": "24766",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24766"
          },
          {
            "name": "[dailydave] 20070406 AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=dailydave\u0026m=117589848432659\u0026w=2"
          },
          {
            "name": "23351",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23351"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "34432",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34432"
        },
        {
          "name": "1017886",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017886"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt"
        },
        {
          "name": "20070406 AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/464889/100/0/threaded"
        },
        {
          "name": "ADV-2007-1286",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1286"
        },
        {
          "name": "winamp-libsndfile-code-execution(33481)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33481"
        },
        {
          "name": "2541",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2541"
        },
        {
          "name": "24766",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24766"
        },
        {
          "name": "[dailydave] 20070406 AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=dailydave\u0026m=117589848432659\u0026w=2"
        },
        {
          "name": "23351",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23351"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1921",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "34432",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34432"
            },
            {
              "name": "1017886",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017886"
            },
            {
              "name": "http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt",
              "refsource": "MISC",
              "url": "http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt"
            },
            {
              "name": "20070406 AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/464889/100/0/threaded"
            },
            {
              "name": "ADV-2007-1286",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1286"
            },
            {
              "name": "winamp-libsndfile-code-execution(33481)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33481"
            },
            {
              "name": "2541",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2541"
            },
            {
              "name": "24766",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24766"
            },
            {
              "name": "[dailydave] 20070406 AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero)",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=dailydave\u0026m=117589848432659\u0026w=2"
            },
            {
              "name": "23351",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23351"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1921",
    "datePublished": "2007-04-10T23:00:00",
    "dateReserved": "2007-04-10T00:00:00",
    "dateUpdated": "2024-08-07T13:13:41.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-0624
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:21
Severity ?
Summary
Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:21:31.534Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.winamp.com/getwinamp/newfeatures.jhtml"
          },
          {
            "name": "1496",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1496"
          },
          {
            "name": "20000720 Winamp M3U playlist parser buffer overflow security vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html"
          },
          {
            "name": "winamp-playlist-parser-bo(4956)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4956"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.winamp.com/getwinamp/newfeatures.jhtml"
        },
        {
          "name": "1496",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1496"
        },
        {
          "name": "20000720 Winamp M3U playlist parser buffer overflow security vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html"
        },
        {
          "name": "winamp-playlist-parser-bo(4956)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4956"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0624",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.winamp.com/getwinamp/newfeatures.jhtml",
              "refsource": "CONFIRM",
              "url": "http://www.winamp.com/getwinamp/newfeatures.jhtml"
            },
            {
              "name": "1496",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1496"
            },
            {
              "name": "20000720 Winamp M3U playlist parser buffer overflow security vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html"
            },
            {
              "name": "winamp-playlist-parser-bo(4956)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4956"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0624",
    "datePublished": "2000-10-13T04:00:00",
    "dateReserved": "2000-08-02T00:00:00",
    "dateUpdated": "2024-08-08T05:21:31.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-1896
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
Summary
Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.
References
http://www.osvdb.org/4944vdb-entry, x_refsource_OSVDB
http://www.nextgenss.com/advisories/winampheap.txtx_refsource_MISC
http://securitytracker.com/id?1009660vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/10045vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=108118289208693&w=2mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/15727vdb-entry, x_refsource_XF
http://secunia.com/advisories/11285third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:07:48.733Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "4944",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/4944"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nextgenss.com/advisories/winampheap.txt"
          },
          {
            "name": "1009660",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1009660"
          },
          {
            "name": "10045",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10045"
          },
          {
            "name": "20040405 NGSSoftware Insight Security Research Advisory",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108118289208693\u0026w=2"
          },
          {
            "name": "winamp-inmod-bo(15727)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15727"
          },
          {
            "name": "11285",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11285"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-04-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "4944",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/4944"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nextgenss.com/advisories/winampheap.txt"
        },
        {
          "name": "1009660",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1009660"
        },
        {
          "name": "10045",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10045"
        },
        {
          "name": "20040405 NGSSoftware Insight Security Research Advisory",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108118289208693\u0026w=2"
        },
        {
          "name": "winamp-inmod-bo(15727)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15727"
        },
        {
          "name": "11285",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11285"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1896",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "4944",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/4944"
            },
            {
              "name": "http://www.nextgenss.com/advisories/winampheap.txt",
              "refsource": "MISC",
              "url": "http://www.nextgenss.com/advisories/winampheap.txt"
            },
            {
              "name": "1009660",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1009660"
            },
            {
              "name": "10045",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10045"
            },
            {
              "name": "20040405 NGSSoftware Insight Security Research Advisory",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108118289208693\u0026w=2"
            },
            {
              "name": "winamp-inmod-bo(15727)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15727"
            },
            {
              "name": "11285",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11285"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1896",
    "datePublished": "2005-05-10T04:00:00",
    "dateReserved": "2005-05-04T00:00:00",
    "dateUpdated": "2024-08-08T01:07:48.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-0546
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 02:56
Severity ?
Summary
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:56:37.080Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20020403 Re: Winamp: Mp3 file can control the minibrowser",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html"
          },
          {
            "name": "20020403 Winamp: Mp3 file can control the minibrowser",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html"
          },
          {
            "name": "winamp-mp3-browser-css(8753)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/8753.php"
          },
          {
            "name": "4414",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4414"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-04-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-06-15T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20020403 Re: Winamp: Mp3 file can control the minibrowser",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html"
        },
        {
          "name": "20020403 Winamp: Mp3 file can control the minibrowser",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html"
        },
        {
          "name": "winamp-mp3-browser-css(8753)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/8753.php"
        },
        {
          "name": "4414",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4414"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0546",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20020403 Re: Winamp: Mp3 file can control the minibrowser",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html"
            },
            {
              "name": "20020403 Winamp: Mp3 file can control the minibrowser",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html"
            },
            {
              "name": "winamp-mp3-browser-css(8753)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/8753.php"
            },
            {
              "name": "4414",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4414"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0546",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2002-06-07T00:00:00",
    "dateUpdated": "2024-08-08T02:56:37.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}