61 matches found
CVE-2011-3834
Winamp
CVE-2007-4619
CVE-2007-4619 describes multiple heap/stack-based overflows in FLAC libFLAC before 1.2.1 that could allow remote code execution via malformed FLAC files. Public advisories confirm upgrades to FLAC 1.2.1 fix the issue (e.g., Debian DSA-1469-1, CentOS/RHEL advisories, Fedora updates). Affected prod...
CVE-2009-1788
The CVE-2009-1788 issue is a heap-based buffer overflow in libsndfile’s voc_read_header function (versions 1.0.15–1.0.19). It can be triggered by a malformed VOC header, allowing a remote attacker to cause an application crash (denial of service) and potentially execute arbitrary code via a craft...
CVE-2009-3995
Summary (CVE-2009-3995) : The issue arises from multiple heap-based buffer overflows in MikMod (libmikmod, loaders/load_it.c, possibly version 3.1.12) used by Impulse Tracker-compatible formats. Exploitation via specially crafted Impulse Tracker samples or instrument definitions could allow a rem...
CVE-2009-0186
CVE-2009-0186 concerns libsndfile 1.0.18 and its CAF file parser. The vulnerability is an integer overflow in CAF chunk handling that can trigger a heap-based buffer overflow, allowing context-dependent attackers to potentially execute arbitrary code via crafted CAF files. The issue was publicly ...
CVE-2009-1791
Technical details about CVE-2009-1791 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2009-1831
The CVE-2009-1831 flaw affects Nullsoft Winamp’s gen_ff.dll in versions before 5.552. It allows a remote attacker to trigger a stack-based buffer overflow while parsing a MAKI file, caused by an incorrect sign extension and an integer overflow. Result: remote code execution or crashes as describe...
CVE-2009-3996
CVE-2009-3996 is a heap-based buffer overflow in the MikMod library used by libmikmod (and implicated by Winamp’s Module Decoder Plug‑in in older builds). Specifically, specially crafted Ultratracker/Impulse Tracker music files could overflow buffers, allowing arbitrary code execution or crashes ...
CVE-2013-4694
Winamp
CVE-2009-3997
The CVE-2009-3997 issue affects Winamp’s Module Decoder Plug‑in (IN_MOD.DLL). The vulnerability is a heap-based buffer overflow triggered by an Oktalyzer file, and it could allow remote code execution in Winamp builds prior to 5.57. Documented details consistently describe an integer/heap overflo...
CVE-2012-3890
The CVE-2012-3890 issue affects Winamp prior to version 5.63, due to a flaw in the in_mod.dll when parsing Impulse Tracker (.it) files, allowing remote attackers to trigger heap memory corruption and potentially other impacts. Microsoft’s advisory MSVR12-011 notes multiple vulnerabilities in Winamp
CVE-2003-1273
Winamp 3.0 is affected: processing a .b4s playlist file with a name containing non-English characters (e.g., Cyrillic) can crash the application, causing a denial of service. The provided documents do not specify a patch or exact remediation; no exploitation details are given. In short, vulnerabl...
CVE-2010-2586
Winamp (in_nsv.dll, in_nsv plugin) is affected by CVE-2010-2586. Multiple integer overflows in the NSV handling can trigger a heap-based buffer overflow when processing a crafted TOC in an NSV stream or NSV file, allowing remote code execution. Affected software is Winamp before version 5.6; the ...
CVE-2007-2498
CVE-2007-2498 affects Winamp for Windows (versions 5.02–5.34). A flaw in the MP4 handling in libmp4v2.dll allows a user‑assisted remote attacker to execute arbitrary code by opening a crafted MP4 file, due to improper parsing. The vulnerability can enable full control over the affected host (as d...
CVE-2010-3137
CVE-2010-3137 targets Winamp 5.581 (and potentially other versions) via an untrusted search path: a Trojan wnaspi32.dll placed in the same folder as specific media files (.669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf, .cda) can enable DLL hijacking and arbitrary code execution. The connected Ope...
CVE-2004-1119
CVE-2004-1119 describes a stack-based buffer overflow in Winamp’s IN_CDDA.dll, triggered by parsing playlist files (notably .m3u) or CD audio references. Exploitation could allow remote arbitrary code execution on affected Winamp versions (e.g., 5.05/5.06; later found variants up to 5.07 in advis...
CVE-2006-0476
Winamp 5.13 and earlier variants (notably 5.12) are affected by buffer-overflow flaws triggered by crafted playlist files (M3U/PLS) containing long URLs/filenames, enabling remote code execution. Connected sources document CVE-2006-0476 and related CVEs (e.g., CVE-2006-0708, CVE-2005-3188) descri...
CVE-2010-1523
Summary (CVE-2010-1523): Winamp’s VP6 codec vp6.w5s contains a heap-based buffer overflow in the VP6 content parsing when handling crafted VP6 video files/streams, potentially allowing remote code execution. Affected software: Winamp before 5.59 Beta build 3033. Underlying cause: heap-based overf...
CVE-2010-4371
CVE-2010-4371 is a buffer overflow in Winamp’s in_mod plugin (pre-5.6) exploitable via the comment box. The OpenVAS/NVD records confirm the affected component and version range, with the root cause being a buffer overflow in in_mod. Impact is described as unspecified in the source, and no remedia...
CVE-2012-3889
CVE-2012-3889 affects Winamp up to version 5.62/5.63 where the in_mod.dll handling of Impulse Tracker (.it) files can trigger memory corruption. The MSVR12-011 advisory confirms multiple vulnerabilities in Winamp 5.623 and earlier, enabling potential arbitrary code execution when a user opens a c...
CVE-2000-0049
The CVE-2000-0049 vulnerability is a buffer overflow in the Winamp client triggered by a long entry in a .pls file, enabling remote command execution. Documents identify the affected software as Winamp and describe the vulnerability type as a buffer overflow in processing crafted playlist entries...
CVE-2005-2310
CVE-2005-2310 : Winamp 5.03a, 5.09, 5.091 and other builds before 5.094 are affected by a buffer overflow in ID3v2 tag handling. An MP3 file with a crafted long ID3v2 tag (e.g., ARTIST or TITLE) can be parsed by Winamp, enabling a remote attacker to execute arbitrary code with the caller’s privil...
CVE-2006-5567
CVE-2006-5567 affects AOL Nullsoft Winamp prior to version 5.31. The vulnerability consists of multiple heap-based buffer overflows in the Ultravox handling code: specifically in processing the ultravox-max-msg header and in Lyrics3 tag parsing. The flaws allow a remote attacker to execute arbitr...
CVE-2005-3188
CVE-2005-3188 corresponds to a buffer overflow in Nullsoft Winamp 5.094, triggered by crafted playlist references in m3u or pls files (long lines ending in .wma). The issue enables remote code execution due to inadequate input sanitization during playlist processing. Relatedly, CVE-2006-0476 cove...
CVE-2007-1922
CVE-2007-1922 affects AOL Nullsoft Winamp 5.33, specifically the IT and S3M modules in IN_MOD.DLL. A crafted .IT or .S3M file containing integer values used as memory offsets can trigger memory corruption, enabling remote attackers to execute arbitrary code. Risk assessment and exact exploitation...
CVE-2004-1896
This CVE affects Nullsoft Winamp versions 2.91 through 5.02, with a heap-based overflow in the in_mod.dll parser for Fasttracker 2 (.xm) mods. The vulnerability allows remote code execution via a malformed XM file, caused by a bound-check/heap-overflow condition in the XM/.MOD parsing path. The r...
CVE-2004-2384
Affected software: NullSoft Winamp versions around 5.02 and older (Winamp
CVE-2006-0708
CVE-2006-0708 describes multiple buffer overflows in Nullsoft Winamp 5.13 and earlier that allow remote code execution via crafted playlists (.m3u/.pls) with long URLs or filenames ending in .wma. Connected docs confirm related variants (CVE-2005-3188, CVE-2006-0476) and publicly available exploi...
CVE-2001-0490
The CVE-2001-0490 entry concerns WINAMP 2.6x and 2.7x. A vulnerability exists in the AIP file handling that can cause a buffer overflow when processing a long string in an AIP file, allowing potential arbitrary code execution. The available documents identify the affected product and the input-ba...
CVE-2003-0765
The CVE-2003-0765 entry affects the IN_MIDI.DLL plugin (version 3.01 and earlier) used by Winamp 2.91. According to the description, a remote attacker could execute arbitrary code by feeding a MIDI file containing a large Track data size value. The connected documents confirm Winamp/IN_MIDI.DLL a...
CVE-2004-1150
Winamp is affected by a stack-based buffer overflow in the in_cdda.dll plugin (affected versions: 5.0 through 5.08c). The flaw is triggered when processing cda:// URLs that include an over-long device name or track number, e.g., via crafted m3u/pls playlists. Exploitation enables arbitrary code e...
CVE-2010-4373
CVE-2010-4373 affects Winamp
CVE-2004-1396
Winamp 5.07 (and possibly other versions) is vulnerable to remote denial of service by processing malformed media files: (1) an mp4/m4a playlist with invalid tag data, or (2) an invalid .nsv/.nsa file. This can cause the application to crash or exhibit high CPU usage. No remediation details are p...
CVE-2009-4356
Winamp
CVE-2002-2392
Affected product: Winamp 2.65 through 3.0. Vulnerable component: skin files (wsz and wal) stored in a predictable location. Root cause: a URL reference to these skin files can cause embedded code to be executed. Impact: remote attackers could execute arbitrary code. Exploitation details: CVE desc...
CVE-2006-0720
Winamp 5.12/5.13 are affected by a stack-based buffer overflow in .m3u handling. The vulnerability stems from an incorrect strncpy call when pausing or stopping playback, leading to a denial of service and potential arbitrary code execution. Public PoCs/exploits exist for Winamp 5.12 (.m3u) and a...
CVE-2008-3441
Winamp prior to 5.24 fails to verify update authenticity, enabling MITM attackers to run arbitrary code through Trojan horse updates. The vulnerability is demonstrated by use of evilgrade and DNS cache poisoning. Affected component is the update verification process; root cause relates to insuffi...
CVE-2002-0284
The CVE-2002-0284 entry affects Winamp versions 2.77 and 2.78. When opening a WMA file that requires a license, Winamp apparently sends the full path of the Temporary Internet Files directory to the web page processing the license, potentially allowing a malicious web server to obtain that pathna...
CVE-2002-1176
This CVE concerns Winamp 2.81 (and Winamp 3.0) with buffer overflows in ID3v2 tag handling. A long Artist ID3v2 tag in an MP3 can cause a crash or allow remote code execution when loaded, per Foundstone advisory and NVD entry. Winamp 2.81 and Winamp 3.0 contain the overflow in the Artist field of...
CVE-2002-1177
CVE-2002-1177 maps to multiple buffer overflows in Winamp 3.0, specifically in the Media Library handling of ID3v2 tags. The vulnerability occurs when displaying an MP3 in the Media Library window, where long Artist or Album ID3v2 tags can cause memory corruption, enabling remote code execution. ...
CVE-2009-0263
CVE-2009-0263 affects Winamp (AIFF file parsing) and is caused by buffer overflows in the AIFF/header parsing code. Multiple documented vectors include a large COMM header value in AIFF files and a large invalid value in MP3 files, enabling remote denial of service and potentially arbitrary code ...
CVE-2012-4045
CVE-2012-4045 affects Winamp prior to 5.63 build 3235, caused by multiple heap-based buffer overflows in bmp.w5s handling specific data (strf chunk in BI_RGB, UYVY video data in AVI, and decompressed TSCC data in AVI). The vulnerability allows remote code execution, with attack vector over a netw...
CVE-2002-0547
CVE-2002-0547: A buffer overflow in the Winamp mini-browser (Winamp 2.79 and earlier) can be triggered by a long string in the ID3v2 tag title field, allowing remote attackers to cause a crash (DoS) and potentially execute arbitrary code. The available documents confirm the affected software and ...
CVE-2007-1921
The CVE-2007-1921 entry concerns LIBSNDFILE.DLL as used by AOL Nullsoft Winamp 5.33 (and possibly other products). A crafted .MAT file that contains a value used as an offset can trigger memory corruption, enabling remote code execution under the user’s privileges. The connected Nessus plugin ref...
CVE-2007-2180
CVE-2007-2180 describes a buffer overflow in Nullsoft Winamp 5.3 triggered by processing crafted WMV files, allowing a user‑assisted remote attacker to crash the player (denial of service). The affected software is Winamp 5.3; the vulnerability stems from improper handling of WMV content, leading...
CVE-2014-3442
Winamp
CVE-2000-0624
CVE-2000-0624 describes a buffer overflow in Winamp 2.64 and earlier that can be triggered by a long #EXTINF: extension in an M3U playlist, potentially allowing a remote attacker to execute arbitrary commands. The initial reports do not provide additional technical specifics beyond this descripti...
CVE-2003-1272
CVE-2003-1272 affects Winamp 3.0. The vulnerability is described as multiple buffer overflows in Winamp’s b4s file handling, specifically when a long playlist name or a long path is passed to the Playstring parameter. This can allow a remote attacker to crash the application and potentially execu...
CVE-2004-0820
Affected software: Winamp prior to 5.0.5. Vulnerability: remote code execution by parsing a malformed .WSZ (Winamp Skin) file; HTML/ scripts referenced from XML inside the WSZ are executed in the Local Computer Zone. Root cause: improper handling of skin XML/HTML references within WSZ, enabling a...
CVE-2002-2195
The CVE-2002-2195 issue affects Winamp 2.80 and earlier, where a buffer overflow in the version update check can be triggered by a long server response from a spoofed www.winamp.com host, allowing remote code execution. This is caused by improper handling of the server response in the update-chec...