Winamp Security Vulnerabilities
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
7AI Score
0.016EPSS
Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586.
7AI Score
0.109EPSS
The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file.
6.7AI Score
0.004EPSS
The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length.
6.6AI Score
0.004EPSS
Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.
7.7AI Score
0.327EPSS
Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information.
8.2AI Score
0.05EPSS
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.
7.7AI Score
0.005EPSS
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.
7.7AI Score
0.005EPSS
Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file.
8AI Score
0.05EPSS
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local...
8AI Score
0.177EPSS
7.8CVSS
7.6AI Score
0.001EPSS
Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.
7AI Score
0.021EPSS
Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address controls Code Flow starting at in_flv!winampGetInModule2+0x00000000000009a8."
7.3CVSS
7.7AI Score
0.0004EPSS
Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address may be used as a return value starting at f263!GetWinamp5SystemComponent+0x0000000000001951."
7.8CVSS
7.9AI Score
0.001EPSS
Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address controls Branch Selection starting at in_mp3!DeleteAudioDecoder+0x000000000000762f."
7.8CVSS
7.9AI Score
0.001EPSS
Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
7.8CVSS
7.9AI Score
0.001EPSS