Vulnerabilities (CVE)

Filtered by vendor Nullsoft Subscribe
Filtered by product Winamp
Total 62 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1791 2 Mega-nerd, Nullsoft 2 Libsndfile, Winamp 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.
CVE-2008-3441 1 Nullsoft 1 Winamp 2023-12-10 7.5 HIGH N/A
Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2008-3567 1 Nullsoft 1 Winamp 2023-12-10 4.3 MEDIUM N/A
Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.
CVE-2009-0263 1 Nullsoft 1 Winamp 2023-12-10 10.0 HIGH N/A
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.
CVE-2009-1788 2 Mega-nerd, Nullsoft 2 Libsndfile, Winamp 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.
CVE-2009-0186 2 Mega-nerd, Nullsoft 2 Libsndfile, Winamp 2023-12-10 9.3 HIGH N/A
Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.
CVE-2009-1831 1 Nullsoft 1 Winamp 2023-12-10 9.3 HIGH N/A
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
CVE-2007-4392 1 Nullsoft 1 Winamp 2023-12-10 4.3 MEDIUM N/A
Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself.
CVE-2006-5567 1 Nullsoft 1 Winamp 2023-12-10 9.3 HIGH N/A
Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.
CVE-2007-2498 1 Nullsoft 1 Winamp 2023-12-10 9.3 HIGH N/A
libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information.
CVE-2007-1922 1 Nullsoft 1 Winamp 2023-12-10 9.3 HIGH N/A
The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.
CVE-2007-4619 2 Flac, Nullsoft 2 Libflac, Winamp 2023-12-10 9.3 HIGH N/A
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
CVE-2007-1921 1 Nullsoft 1 Winamp 2023-12-10 9.3 HIGH N/A
LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption.
CVE-2007-2180 1 Nullsoft 1 Winamp 2023-12-10 7.1 HIGH N/A
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
CVE-2006-3228 1 Nullsoft 1 Winamp 2023-12-10 9.3 HIGH N/A
Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.
CVE-2006-0708 1 Nullsoft 1 Winamp 2023-12-10 9.3 HIGH N/A
Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.
CVE-2004-1119 1 Nullsoft 1 Winamp 2023-12-10 10.0 HIGH N/A
Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.
CVE-2004-2384 1 Nullsoft 1 Winamp 2023-12-10 5.0 MEDIUM N/A
NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line.
CVE-2006-0720 1 Nullsoft 1 Winamp 2023-12-10 7.6 HIGH N/A
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.
CVE-2005-2310 1 Nullsoft 1 Winamp 2023-12-10 9.3 HIGH N/A
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.