Nullsoft SHOUTcast server stores the administrative password in plaintext in a configuration file (sc_serv.conf), which could allow a local user to gain administrative privileges on the server.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | shoutcast_server | 1.9.7 |
Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 2.10 |
| nullsoft | winamp | 2.0 |
Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | * |
Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 2.6x |
| nullsoft | winamp | 2.7x |
Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | shoutcast_server | 1.8.2 |
Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | shoutcast_server | 1.8.3 |
Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 2.78 |
| nullsoft | winamp | 2.77 |
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 2.79 |
| nullsoft | winamp | 2.78 |
Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | * |
Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-".
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | shoutcast_server | 1.8.9 |
Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 2.81 |
Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 3.0 |
SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | shoutcast_server | 1.8.9 |
Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 3.0 |
Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 2.62 |
| nullsoft | winamp | 2.72 |
| nullsoft | winamp | 2.79 |
| nullsoft | winamp | 2.60 |
| nullsoft | winamp | 2.73 |
| nullsoft | winamp | 2.80 |
| nullsoft | winamp | 2.61 |
| nullsoft | winamp | 2.74 |
| nullsoft | winamp | 2.78 |
| nullsoft | winamp | 2.70 |
| nullsoft | winamp | 2.65 |
| nullsoft | winamp | 2.64 |
| nullsoft | winamp | 2.75 |
| nullsoft | winamp | 2.76 |
| nullsoft | winamp | 2.71 |
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 2.72 |
| nullsoft | winamp | 2.79 |
| nullsoft | winamp | 2.73 |
| nullsoft | winamp | 2.80 |
| nullsoft | winamp | 3.1 |
| nullsoft | winamp | 2.74 |
| nullsoft | winamp | 2.78 |
| nullsoft | winamp | 2.77 |
| nullsoft | winamp | 2.70 |
| nullsoft | winamp | 2.65 |
| nullsoft | winamp | 2.75 |
| nullsoft | winamp | 2.76 |
| nullsoft | winamp | 2.71 |
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
CVSS 2.0
Severity: LOW
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 2.80 |
The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 2.81 |
| nullsoft | winamp | 3.0 |
| nullsoft | winamp | 3.1 |
| nullsoft | winamp | 2.91 |
Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | shoutcast_server | 1.9.2 |
Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 3.0 |
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 3.0 |
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 3.0 |
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 2.81 |
| nullsoft | winamp | 2.62 |
| nullsoft | winamp | 2.72 |
| nullsoft | winamp | 2.79 |
| nullsoft | winamp | 2.60 |
| nullsoft | winamp | 2.73 |
| nullsoft | winamp | 2.80 |
| nullsoft | winamp | 2.50 |
| nullsoft | winamp | 3.1 |
| nullsoft | winamp | 2.5e |
| nullsoft | winamp | 2.61 |
| nullsoft | winamp | 2.74 |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 2.77 |
| nullsoft | winamp | 2.70 |
| nullsoft | winamp | 2.65 |
| nullsoft | winamp | 2.64 |
| nullsoft | winamp | 2.10 |
| nullsoft | winamp | 2.75 |
| nullsoft | winamp | 2.24 |
| nullsoft | winamp | 2.76 |
| nullsoft | winamp | 2.91 |
| nullsoft | winamp | 2.78 |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 3.0 |
| nullsoft | winamp | 2.4 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 2.71 |
Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.02 |
Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.02 |
Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | shoutcast_server | 1.9.4 |
Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.07 |
Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 3.0 |
| nullsoft | winamp | 5.0.1 |
| nullsoft | winamp | 5.0.2 |
| nullsoft | winamp | 3.1 |
| nullsoft | winamp | 2.91 |
NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.02 |
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | 5.03a |
| nullsoft | winamp | * |
| nullsoft | winamp | 5.091 |
Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.094 |
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.12 |
Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.03 |
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.12 |
Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | shoutcast_server | 1.9.2 |
| nullsoft | shoutcast_server | 1.8.9 |
| nullsoft | shoutcast_server | 1.9.5 |
| nullsoft | shoutcast_server | 1.7.1 |
| nullsoft | shoutcast_server | 1.9.4 |
| nullsoft | shoutcast_server | 1.8.3 |
Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.03a |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 3.1 |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 2.95 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 2.90 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 2.91 |
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | * |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.0.2 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.1 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 3.0 |
| nullsoft | winamp | 5.0.1 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 5.21 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.2 |
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content".
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | shoutcast_server | 1.8.2 |
| nullsoft | shoutcast_server | * |
| nullsoft | shoutcast_server | 1.9.2 |
| nullsoft | shoutcast_server | 1.8.9 |
| nullsoft | shoutcast_server | 1.9.5 |
| nullsoft | shoutcast_server | 1.7.1 |
| nullsoft | shoutcast_server | 1.9.4 |
| nullsoft | shoutcast_server | 1.8.3 |
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | shoutcast_dsp | 1.9.5 |
| nullsoft | shoutcast_dsp | 1.9.6 |
Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 2.81 |
| nullsoft | winamp | 5.03a |
| nullsoft | winamp | 2.79 |
| nullsoft | winamp | 2.73 |
| nullsoft | winamp | 2.50 |
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 2.5e |
| nullsoft | winamp | 2.61 |
| nullsoft | winamp | 5.111 |
| nullsoft | winamp | 5.31 |
| nullsoft | winamp | 2.0 |
| nullsoft | winamp | 2.95 |
| nullsoft | winamp | 5.541 |
| nullsoft | winamp | 5.112 |
| nullsoft | winamp | 5.36 |
| nullsoft | winamp | 1.006 |
| nullsoft | winamp | 2.92 |
| nullsoft | winamp | 2.6x |
| nullsoft | winamp | 2.24 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.56 |
| nullsoft | winamp | 2.91 |
| nullsoft | winamp | 5.35 |
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.33 |
| nullsoft | winamp | 5.3 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | * |
| nullsoft | winamp | 5.0.2 |
| nullsoft | winamp | 5.551 |
| nullsoft | winamp | 0.92 |
| nullsoft | winamp | 2.6 |
| nullsoft | winamp | 2.78 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.552 |
| nullsoft | winamp | 3.0 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 2.7x |
| nullsoft | winamp | 2.9 |
| nullsoft | winamp | 5.22 |
| nullsoft | winamp | 5.58 |
| nullsoft | winamp | 5.24 |
| nullsoft | winamp | 5.51 |
| nullsoft | winamp | 2.71 |
| nullsoft | winamp | 2.62 |
| nullsoft | winamp | 1.90 |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 2.72 |
| nullsoft | winamp | 5.23 |
| nullsoft | winamp | 2.60 |
| nullsoft | winamp | 2.80 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 3.1 |
| nullsoft | winamp | 5.08 |
| nullsoft | winamp | 2.74 |
| nullsoft | winamp | 0.20a |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.57 |
| nullsoft | winamp | 5.32 |
| nullsoft | winamp | 5.531 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 2.77 |
| nullsoft | winamp | 2.70 |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 5.54 |
| nullsoft | winamp | 2.65 |
| nullsoft | winamp | 2.90 |
| nullsoft | winamp | 2.64 |
| nullsoft | winamp | 2.10 |
| nullsoft | winamp | 2.75 |
| nullsoft | winamp | 2.76 |
| nullsoft | winamp | 5.5 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.55 |
| nullsoft | winamp | 5.52 |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.1 |
| nullsoft | winamp | 5.34 |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.0.1 |
| nullsoft | winamp | 2.4 |
| nullsoft | winamp | 5.21 |
| nullsoft | winamp | 5.53 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.572 |
| nullsoft | winamp | 5.2 |
Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 5.111 |
| nullsoft | winamp | 5.31 |
| nullsoft | winamp | 2.0 |
| nullsoft | winamp | 2.95 |
| nullsoft | winamp | 5.541 |
| nullsoft | winamp | 5.112 |
| nullsoft | winamp | 1.006 |
| nullsoft | winamp | 2.92 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.56 |
| nullsoft | winamp | 2.91 |
| nullsoft | winamp | 5.35 |
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.33 |
| nullsoft | winamp | 5.3 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | * |
| nullsoft | winamp | 5.551 |
| nullsoft | winamp | 0.92 |
| nullsoft | winamp | 2.6 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.552 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 2.9 |
| nullsoft | winamp | 5.22 |
| nullsoft | winamp | 5.58 |
| nullsoft | winamp | 5.24 |
| nullsoft | winamp | 5.51 |
| nullsoft | winamp | 1.90 |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.23 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 0.20a |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.32 |
| nullsoft | winamp | 5.531 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 5.54 |
| nullsoft | winamp | 2.10 |
| nullsoft | winamp | 5.5 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.55 |
| nullsoft | winamp | 5.52 |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.1 |
| nullsoft | winamp | 5.34 |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.21 |
| nullsoft | winamp | 5.53 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.572 |
| nullsoft | winamp | 5.2 |
Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.581 |
Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 5.111 |
| nullsoft | winamp | 5.31 |
| nullsoft | winamp | 2.0 |
| nullsoft | winamp | 2.95 |
| nullsoft | winamp | 5.541 |
| nullsoft | winamp | 5.112 |
| nullsoft | winamp | 1.006 |
| nullsoft | winamp | 2.92 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.56 |
| nullsoft | winamp | 2.91 |
| nullsoft | winamp | 5.35 |
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.33 |
| nullsoft | winamp | 5.3 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | * |
| nullsoft | winamp | 5.551 |
| nullsoft | winamp | 0.92 |
| nullsoft | winamp | 2.6 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.552 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 2.9 |
| nullsoft | winamp | 5.22 |
| nullsoft | winamp | 5.58 |
| nullsoft | winamp | 5.24 |
| nullsoft | winamp | 5.51 |
| nullsoft | winamp | 1.90 |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.23 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 0.20a |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.32 |
| nullsoft | winamp | 5.531 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 5.54 |
| nullsoft | winamp | 2.10 |
| nullsoft | winamp | 5.5 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.55 |
| nullsoft | winamp | 5.52 |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.1 |
| nullsoft | winamp | 5.34 |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.21 |
| nullsoft | winamp | 5.53 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.572 |
| nullsoft | winamp | 5.2 |
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 5.111 |
| nullsoft | winamp | 5.31 |
| nullsoft | winamp | 2.0 |
| nullsoft | winamp | 2.95 |
| nullsoft | winamp | 5.541 |
| nullsoft | winamp | 5.112 |
| nullsoft | winamp | 1.006 |
| nullsoft | winamp | 2.92 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.56 |
| nullsoft | winamp | 2.91 |
| nullsoft | winamp | 5.35 |
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.33 |
| nullsoft | winamp | 5.3 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | * |
| nullsoft | winamp | 5.551 |
| nullsoft | winamp | 0.92 |
| nullsoft | winamp | 2.6 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.552 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 2.9 |
| nullsoft | winamp | 5.22 |
| nullsoft | winamp | 5.58 |
| nullsoft | winamp | 5.24 |
| nullsoft | winamp | 5.51 |
| nullsoft | winamp | 1.90 |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.23 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 0.20a |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.32 |
| nullsoft | winamp | 5.531 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 5.54 |
| nullsoft | winamp | 2.10 |
| nullsoft | winamp | 5.5 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.55 |
| nullsoft | winamp | 5.52 |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.1 |
| nullsoft | winamp | 5.34 |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.21 |
| nullsoft | winamp | 5.53 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.572 |
| nullsoft | winamp | 5.2 |
Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 5.111 |
| nullsoft | winamp | 5.31 |
| nullsoft | winamp | 2.0 |
| nullsoft | winamp | 2.95 |
| nullsoft | winamp | 5.541 |
| nullsoft | winamp | 5.112 |
| nullsoft | winamp | 1.006 |
| nullsoft | winamp | 2.92 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.56 |
| nullsoft | winamp | 2.91 |
| nullsoft | winamp | 5.35 |
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.33 |
| nullsoft | winamp | 5.3 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | * |
| nullsoft | winamp | 5.551 |
| nullsoft | winamp | 0.92 |
| nullsoft | winamp | 2.6 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.552 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 2.9 |
| nullsoft | winamp | 5.22 |
| nullsoft | winamp | 5.58 |
| nullsoft | winamp | 5.24 |
| nullsoft | winamp | 5.51 |
| nullsoft | winamp | 1.90 |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.23 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 0.20a |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.32 |
| nullsoft | winamp | 5.531 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 5.54 |
| nullsoft | winamp | 2.10 |
| nullsoft | winamp | 5.5 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.55 |
| nullsoft | winamp | 5.52 |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.1 |
| nullsoft | winamp | 5.34 |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.21 |
| nullsoft | winamp | 5.53 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.572 |
| nullsoft | winamp | 5.2 |
The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 5.111 |
| nullsoft | winamp | 5.31 |
| nullsoft | winamp | 2.0 |
| nullsoft | winamp | 2.95 |
| nullsoft | winamp | 5.541 |
| nullsoft | winamp | 5.112 |
| nullsoft | winamp | 1.006 |
| nullsoft | winamp | 2.92 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.56 |
| nullsoft | winamp | 2.91 |
| nullsoft | winamp | 5.35 |
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.33 |
| nullsoft | winamp | 5.3 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | * |
| nullsoft | winamp | 5.551 |
| nullsoft | winamp | 0.92 |
| nullsoft | winamp | 2.6 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.552 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 2.9 |
| nullsoft | winamp | 5.22 |
| nullsoft | winamp | 5.58 |
| nullsoft | winamp | 5.24 |
| nullsoft | winamp | 5.51 |
| nullsoft | winamp | 1.90 |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.23 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 0.20a |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.32 |
| nullsoft | winamp | 5.531 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 5.54 |
| nullsoft | winamp | 2.10 |
| nullsoft | winamp | 5.5 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.55 |
| nullsoft | winamp | 5.52 |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.1 |
| nullsoft | winamp | 5.34 |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.21 |
| nullsoft | winamp | 5.53 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.572 |
| nullsoft | winamp | 5.2 |
The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 5.111 |
| nullsoft | winamp | 5.31 |
| nullsoft | winamp | 2.0 |
| nullsoft | winamp | 2.95 |
| nullsoft | winamp | 5.541 |
| nullsoft | winamp | 5.112 |
| nullsoft | winamp | 1.006 |
| nullsoft | winamp | 2.92 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.56 |
| nullsoft | winamp | 2.91 |
| nullsoft | winamp | 5.35 |
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.33 |
| nullsoft | winamp | 5.3 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | * |
| nullsoft | winamp | 5.551 |
| nullsoft | winamp | 0.92 |
| nullsoft | winamp | 2.6 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.552 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 2.9 |
| nullsoft | winamp | 5.22 |
| nullsoft | winamp | 5.58 |
| nullsoft | winamp | 5.24 |
| nullsoft | winamp | 5.51 |
| nullsoft | winamp | 1.90 |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.23 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 0.20a |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.32 |
| nullsoft | winamp | 5.531 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 5.54 |
| nullsoft | winamp | 2.10 |
| nullsoft | winamp | 5.5 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.55 |
| nullsoft | winamp | 5.52 |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.1 |
| nullsoft | winamp | 5.34 |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.21 |
| nullsoft | winamp | 5.53 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.572 |
| nullsoft | winamp | 5.2 |
Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 5.111 |
| nullsoft | winamp | 5.31 |
| nullsoft | winamp | 2.0 |
| nullsoft | winamp | 2.95 |
| nullsoft | winamp | 5.541 |
| nullsoft | winamp | 5.112 |
| nullsoft | winamp | 1.006 |
| nullsoft | winamp | 2.92 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.56 |
| nullsoft | winamp | 2.91 |
| nullsoft | winamp | 5.35 |
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.581 |
| nullsoft | winamp | 5.33 |
| nullsoft | winamp | 5.3 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | * |
| nullsoft | winamp | 5.551 |
| nullsoft | winamp | 0.92 |
| nullsoft | winamp | 2.6 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.552 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 2.9 |
| nullsoft | winamp | 5.22 |
| nullsoft | winamp | 5.58 |
| nullsoft | winamp | 5.24 |
| nullsoft | winamp | 5.51 |
| nullsoft | winamp | 5.6 |
| nullsoft | winamp | 1.90 |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.23 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 0.20a |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.57 |
| nullsoft | winamp | 5.32 |
| nullsoft | winamp | 5.531 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 5.54 |
| nullsoft | winamp | 2.10 |
| nullsoft | winamp | 5.5 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.55 |
| nullsoft | winamp | 5.52 |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.1 |
| nullsoft | winamp | 5.34 |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.21 |
| nullsoft | winamp | 5.53 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.572 |
| nullsoft | winamp | 5.2 |
Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 5.111 |
| nullsoft | winamp | 5.31 |
| nullsoft | winamp | 2.0 |
| nullsoft | winamp | 2.95 |
| nullsoft | winamp | 5.541 |
| nullsoft | winamp | 5.112 |
| nullsoft | winamp | 1.006 |
| nullsoft | winamp | 2.92 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.56 |
| nullsoft | winamp | 2.91 |
| nullsoft | winamp | 5.35 |
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.581 |
| nullsoft | winamp | 5.33 |
| nullsoft | winamp | 5.3 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | * |
| nullsoft | winamp | 5.551 |
| nullsoft | winamp | 0.92 |
| nullsoft | winamp | 2.6 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.552 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 2.9 |
| nullsoft | winamp | 5.22 |
| nullsoft | winamp | 5.58 |
| nullsoft | winamp | 5.24 |
| nullsoft | winamp | 5.51 |
| nullsoft | winamp | 5.6 |
| nullsoft | winamp | 1.90 |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.23 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 0.20a |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.57 |
| nullsoft | winamp | 5.32 |
| nullsoft | winamp | 5.531 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 5.54 |
| nullsoft | winamp | 2.10 |
| nullsoft | winamp | 5.5 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.55 |
| nullsoft | winamp | 5.52 |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.1 |
| nullsoft | winamp | 5.34 |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.21 |
| nullsoft | winamp | 5.53 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.572 |
| nullsoft | winamp | 5.2 |
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 5.111 |
| nullsoft | winamp | 5.31 |
| nullsoft | winamp | 2.0 |
| nullsoft | winamp | 2.95 |
| nullsoft | winamp | 5.541 |
| nullsoft | winamp | 5.112 |
| nullsoft | winamp | 5.36 |
| nullsoft | winamp | 1.006 |
| nullsoft | winamp | 2.92 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.56 |
| nullsoft | winamp | 2.91 |
| nullsoft | winamp | 5.35 |
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.581 |
| nullsoft | winamp | 5.33 |
| nullsoft | winamp | 5.3 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | * |
| nullsoft | winamp | 0.92 |
| nullsoft | winamp | 2.6 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 2.9 |
| nullsoft | winamp | 5.22 |
| nullsoft | winamp | 5.24 |
| nullsoft | winamp | 5.51 |
| nullsoft | winamp | 1.90 |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.23 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 0.20a |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.57 |
| nullsoft | winamp | 5.32 |
| nullsoft | winamp | 5.531 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 5.54 |
| nullsoft | winamp | 2.10 |
| nullsoft | winamp | 5.5 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.55 |
| nullsoft | winamp | 5.61 |
| nullsoft | winamp | 5.52 |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.59 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.1 |
| nullsoft | winamp | 5.34 |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.21 |
| nullsoft | winamp | 5.53 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.572 |
| nullsoft | winamp | 5.2 |
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 5.111 |
| nullsoft | winamp | 5.31 |
| nullsoft | winamp | 2.0 |
| nullsoft | winamp | 2.95 |
| nullsoft | winamp | 5.541 |
| nullsoft | winamp | 5.112 |
| nullsoft | winamp | 5.36 |
| nullsoft | winamp | 1.006 |
| nullsoft | winamp | 2.92 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.56 |
| nullsoft | winamp | 2.91 |
| nullsoft | winamp | 5.35 |
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.581 |
| nullsoft | winamp | 5.33 |
| nullsoft | winamp | 5.3 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | * |
| nullsoft | winamp | 0.92 |
| nullsoft | winamp | 2.6 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 2.9 |
| nullsoft | winamp | 5.22 |
| nullsoft | winamp | 5.24 |
| nullsoft | winamp | 5.51 |
| nullsoft | winamp | 1.90 |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.23 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 0.20a |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.57 |
| nullsoft | winamp | 5.32 |
| nullsoft | winamp | 5.531 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 5.54 |
| nullsoft | winamp | 2.10 |
| nullsoft | winamp | 5.5 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.55 |
| nullsoft | winamp | 5.61 |
| nullsoft | winamp | 5.52 |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.59 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.1 |
| nullsoft | winamp | 5.34 |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.21 |
| nullsoft | winamp | 5.53 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.572 |
| nullsoft | winamp | 5.2 |
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 5.111 |
| nullsoft | winamp | 5.31 |
| nullsoft | winamp | 2.0 |
| nullsoft | winamp | 2.95 |
| nullsoft | winamp | 5.541 |
| nullsoft | winamp | 5.112 |
| nullsoft | winamp | 5.36 |
| nullsoft | winamp | 1.006 |
| nullsoft | winamp | 2.92 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.56 |
| nullsoft | winamp | 2.91 |
| nullsoft | winamp | 5.35 |
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.581 |
| nullsoft | winamp | 5.33 |
| nullsoft | winamp | 5.3 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | * |
| nullsoft | winamp | 5.551 |
| nullsoft | winamp | 0.92 |
| nullsoft | winamp | 2.6 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.552 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 2.9 |
| nullsoft | winamp | 5.22 |
| nullsoft | winamp | 5.58 |
| nullsoft | winamp | 5.24 |
| nullsoft | winamp | 5.51 |
| nullsoft | winamp | 1.90 |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.23 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 0.20a |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.57 |
| nullsoft | winamp | 5.32 |
| nullsoft | winamp | 5.531 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 5.54 |
| nullsoft | winamp | 2.10 |
| nullsoft | winamp | 5.623 |
| nullsoft | winamp | 5.5 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.55 |
| nullsoft | winamp | 5.61 |
| nullsoft | winamp | 5.52 |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.59 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.1 |
| nullsoft | winamp | 5.34 |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.21 |
| nullsoft | winamp | 5.53 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.572 |
| nullsoft | winamp | 5.2 |
Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | winamp | 5.094 |
| nullsoft | winamp | 5.111 |
| nullsoft | winamp | 5.31 |
| nullsoft | winamp | 5.541 |
| nullsoft | winamp | 5.112 |
| nullsoft | winamp | 5.36 |
| nullsoft | winamp | 5.05 |
| nullsoft | winamp | 5.56 |
| nullsoft | winamp | 5.35 |
| nullsoft | winamp | 5.07 |
| nullsoft | winamp | 5.581 |
| nullsoft | winamp | 5.33 |
| nullsoft | winamp | 5.3 |
| nullsoft | winamp | 5.09 |
| nullsoft | winamp | * |
| nullsoft | winamp | 5.551 |
| nullsoft | winamp | 5.08e |
| nullsoft | winamp | 5.01 |
| nullsoft | winamp | 5.552 |
| nullsoft | winamp | 5.12 |
| nullsoft | winamp | 5.22 |
| nullsoft | winamp | 5.58 |
| nullsoft | winamp | 5.24 |
| nullsoft | winamp | 5.51 |
| nullsoft | winamp | 5.0 |
| nullsoft | winamp | 5.63 |
| nullsoft | winamp | 5.23 |
| nullsoft | winamp | 5.06 |
| nullsoft | winamp | 5.04 |
| nullsoft | winamp | 5.57 |
| nullsoft | winamp | 5.32 |
| nullsoft | winamp | 5.531 |
| nullsoft | winamp | 5.02 |
| nullsoft | winamp | 5.08d |
| nullsoft | winamp | 5.54 |
| nullsoft | winamp | 5.623 |
| nullsoft | winamp | 5.5 |
| nullsoft | winamp | 5.13 |
| nullsoft | winamp | 5.55 |
| nullsoft | winamp | 5.61 |
| nullsoft | winamp | 5.52 |
| nullsoft | winamp | 5.091 |
| nullsoft | winamp | 5.093 |
| nullsoft | winamp | 5.59 |
| nullsoft | winamp | 5.11 |
| nullsoft | winamp | 5.34 |
| nullsoft | winamp | 5.08c |
| nullsoft | winamp | 5.21 |
| nullsoft | winamp | 5.53 |
| nullsoft | winamp | 5.03 |
| nullsoft | winamp | 5.572 |
| nullsoft | winamp | 5.2 |
Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| nullsoft | nullsoft_scriptable_install_system | * |
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| nullsoft | nullsoft_scriptable_install_system | * |
Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nullsoft | nullsoft_scriptable_install_system | * |