Winamp Security Vulnerabilities and Issues — Winamp CVE List

Lucene search

NullsoftWinamp

10 matches found

CVE•added 2005/11/16 7:37 a.m.•45 views

CVE-2003-1273

Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters.

2.1CVSS6.6AI score0.00229EPSS

CVE•added 2005/01/10 5:0 a.m.•44 views

CVE-2004-1119

Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.

10CVSS8.1AI score0.52162EPSS

CVE•added 2005/07/19 4:0 a.m.•43 views

CVE-2005-2310

Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.

9.3CVSS7.9AI score0.0772EPSS

CVE•added 2005/05/10 4:0 a.m.•42 views

CVE-2004-1896

Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.

7.6CVSS8AI score0.24909EPSS

CVE•added 2005/08/16 4:0 a.m.•40 views

CVE-2004-2384

NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line.

5CVSS6.8AI score0.01112EPSS

CVE•added 2005/11/16 9:17 p.m.•36 views

CVE-2002-2195

Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.

5CVSS8.3AI score0.05386EPSS

CVE•added 2005/01/29 5:0 a.m.•36 views

CVE-2004-1150

Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.

5.1CVSS7.9AI score0.06625EPSS

CVE•added 2005/02/12 5:0 a.m.•36 views

CVE-2004-1396

Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.

2.6CVSS6.9AI score0.02613EPSS

CVE•added 2005/11/16 7:37 a.m.•35 views

CVE-2003-1272

Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.

9.3CVSS8AI score0.02501EPSS

CVE•added 2005/11/16 7:37 a.m.•34 views

CVE-2003-1274

Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.

5CVSS6.6AI score0.00655EPSS