Lucene search

PRIOn knowledge basePRION:CVE-2009-4356

HistoryDec 18, 2009 - 7:30 p.m.

Integer overflow

2009-12-1819:30:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.044 Low

EPSS

Percentile

92.2%

JSON

Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.

CPENameOperatorVersion
winampeq2.6.120
winampeq5.093
winampeq2.64
winampeq5.552
winampeq5.36
winampeq5.24
winampeq2.62
winampeq5.111
winampeq2.24
winampeq0.92

Name	Operator	Version
winamp	eq	2.6.120
winamp	eq	5.093
winamp	eq	2.64
winamp	eq	5.552
winamp	eq	5.36
winamp	eq	5.24
winamp	eq	2.62
winamp	eq	5.111
winamp	eq	2.24
winamp	eq	0.92

Rows per page:

1-10 of 961

References

forums.winamp.com/showthread.php?threadid=315355

www.securityfocus.com/archive/1/508532/100/0/threaded

www.securityfocus.com/bid/37387

www.vupen.com/english/advisories/2009/3576

www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743

8.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.044 Low

EPSS

Percentile

92.2%

JSON

Related for PRION:CVE-2009-4356