Lucene search

[email protected]CVE-2009-4356

HistoryDec 18, 2009 - 7:30 p.m.

CVE-2009-4356

2009-12-1819:30:00

CWE-189

[email protected]

web.nvd.nist.gov

winamp

5.57

jpeg

png

filters

integer overflow

cve-2009-4356

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.068 Low

EPSS

Percentile

93.9%

JSON

Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.

Affected configurations

NVD

Node

nullsoftwinampRange≤5.56

nullsoftwinampMatch0.20a

nullsoftwinampMatch0.92

nullsoftwinampMatch1.006

nullsoftwinampMatch1.90

nullsoftwinampMatch2.0

nullsoftwinampMatch2.4

nullsoftwinampMatch2.5e

nullsoftwinampMatch2.6

nullsoftwinampMatch2.6x

nullsoftwinampMatch2.7x

nullsoftwinampMatch2.9

nullsoftwinampMatch2.10

nullsoftwinampMatch2.24

nullsoftwinampMatch2.50

nullsoftwinampMatch2.60

nullsoftwinampMatch2.60full

nullsoftwinampMatch2.60lite

nullsoftwinampMatch2.61

nullsoftwinampMatch2.61full

nullsoftwinampMatch2.62

nullsoftwinampMatch2.62standard

nullsoftwinampMatch2.64

nullsoftwinampMatch2.64standard

nullsoftwinampMatch2.65

nullsoftwinampMatch2.70

nullsoftwinampMatch2.70full

nullsoftwinampMatch2.71

nullsoftwinampMatch2.72

nullsoftwinampMatch2.73

nullsoftwinampMatch2.73full

nullsoftwinampMatch2.74

nullsoftwinampMatch2.75

nullsoftwinampMatch2.76

nullsoftwinampMatch2.77

nullsoftwinampMatch2.78

nullsoftwinampMatch2.79

nullsoftwinampMatch2.80

nullsoftwinampMatch2.81

nullsoftwinampMatch2.90

nullsoftwinampMatch2.91

nullsoftwinampMatch2.92

nullsoftwinampMatch2.95

nullsoftwinampMatch3.0

nullsoftwinampMatch3.1

nullsoftwinampMatch5.0

nullsoftwinampMatch5.0.1

nullsoftwinampMatch5.0.2

nullsoftwinampMatch5.01

nullsoftwinampMatch5.1

nullsoftwinampMatch5.1-surround

nullsoftwinampMatch5.02

nullsoftwinampMatch5.2

nullsoftwinampMatch5.3

nullsoftwinampMatch5.03

nullsoftwinampMatch5.03a

nullsoftwinampMatch5.04

nullsoftwinampMatch5.05

nullsoftwinampMatch5.5

nullsoftwinampMatch5.06

nullsoftwinampMatch5.07

nullsoftwinampMatch5.08

nullsoftwinampMatch5.08c

nullsoftwinampMatch5.08d

nullsoftwinampMatch5.08e

nullsoftwinampMatch5.08c

nullsoftwinampMatch5.08d

nullsoftwinampMatch5.08e

nullsoftwinampMatch5.09

nullsoftwinampMatch5.11

nullsoftwinampMatch5.12

nullsoftwinampMatch5.13

nullsoftwinampMatch5.21

nullsoftwinampMatch5.22

nullsoftwinampMatch5.23

nullsoftwinampMatch5.24

nullsoftwinampMatch5.31

nullsoftwinampMatch5.32

nullsoftwinampMatch5.33

nullsoftwinampMatch5.34

nullsoftwinampMatch5.35

nullsoftwinampMatch5.36

nullsoftwinampMatch5.51

nullsoftwinampMatch5.52

nullsoftwinampMatch5.53

nullsoftwinampMatch5.54

nullsoftwinampMatch5.55

nullsoftwinampMatch5.091

nullsoftwinampMatch5.093

nullsoftwinampMatch5.094

nullsoftwinampMatch5.111

nullsoftwinampMatch5.112

nullsoftwinampMatch5.531

nullsoftwinampMatch5.541

nullsoftwinampMatch5.551

nullsoftwinampMatch5.552

CPENameOperatorVersion
nullsoft:winampnullsoft winample5.56
nullsoft:winampnullsoft winampeq0.20a
nullsoft:winampnullsoft winampeq0.92
nullsoft:winampnullsoft winampeq1.006
nullsoft:winampnullsoft winampeq1.90
nullsoft:winampnullsoft winampeq2.0
nullsoft:winampnullsoft winampeq2.4
nullsoft:winampnullsoft winampeq2.5e
nullsoft:winampnullsoft winampeq2.6
nullsoft:winampnullsoft winampeq2.6x

CPE	Name	Operator	Version
nullsoft:winamp	nullsoft winamp	le	5.56
nullsoft:winamp	nullsoft winamp	eq	0.20a
nullsoft:winamp	nullsoft winamp	eq	0.92
nullsoft:winamp	nullsoft winamp	eq	1.006
nullsoft:winamp	nullsoft winamp	eq	1.90
nullsoft:winamp	nullsoft winamp	eq	2.0
nullsoft:winamp	nullsoft winamp	eq	2.4
nullsoft:winamp	nullsoft winamp	eq	2.5e
nullsoft:winamp	nullsoft winamp	eq	2.6
nullsoft:winamp	nullsoft winamp	eq	2.6x