Winamp

winamp

Vendor: Nullsoft • 61 CVEs

CVEs (61)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-1791 2Mega Nerd Nullsoft 2Libsndfile Winamp Apr 23, 2026 May 26, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and...Show more Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.Show less
CVE-2009-1788 2Mega Nerd Nullsoft 2Libsndfile Winamp Apr 23, 2026 May 26, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and p...Show more Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.Show less
CVE-2009-0186 2Mega Nerd Nullsoft 2Libsndfile Winamp Apr 23, 2026 Mar 5, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer...Show more Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.Show less
CVE-2009-0263 1Nullsoft 1Winamp Apr 23, 2026 Jan 23, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a lar...Show more Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.Show less
CVE-2008-3567 1Nullsoft 1Winamp Apr 23, 2026 Aug 10, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.
CVE-2008-3441 1Nullsoft 1Winamp Apr 23, 2026 Aug 1, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache p...Show more Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.Show less
CVE-2007-4619 2Flac Nullsoft 2Libflac Winamp Apr 23, 2026 Oct 12, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC fi...Show more Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.Show less
CVE-2007-4392 1Nullsoft 1Winamp Apr 23, 2026 Aug 17, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself.
CVE-2007-2498 1Nullsoft 1Winamp Apr 23, 2026 May 4, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information.
CVE-2007-2180 1Nullsoft 1Winamp Apr 23, 2026 Apr 24, 2007 N/A· v4 N/A· v3 7.1 HIGH· v2 Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
CVE-2007-1922 1Nullsoft 1Winamp Apr 23, 2026 Apr 10, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that...Show more The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.Show less
CVE-2007-1921 1Nullsoft 1Winamp Apr 23, 2026 Apr 10, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers m...Show more LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption.Show less
CVE-2006-5567 1Nullsoft 1Winamp Apr 23, 2026 Oct 27, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) uns...Show more Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.Show less
CVE-2006-3228 1Nullsoft 1Winamp Apr 16, 2026 Jun 26, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.
CVE-2006-0720 1Nullsoft 1Winamp Apr 16, 2026 Feb 23, 2006 N/A· v4 N/A· v3 7.6 HIGH· v2 Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncp...Show more Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.Show less
CVE-2006-0708 1Nullsoft 1Winamp Apr 16, 2026 Feb 15, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long...Show more Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.Show less
CVE-2006-0476 1Nullsoft 1Winamp Apr 16, 2026 Jan 31, 2006 N/A· v4 N/A· v3 7.6 HIGH· v2 Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
CVE-2005-3188 1Nullsoft 1Winamp Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 7.6 HIGH· v2 Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a diffe...Show more Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476.Show less
CVE-2005-2310 1Nullsoft 1Winamp Apr 16, 2026 Jul 19, 2005 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
CVE-2004-1119 1Nullsoft 1Winamp Apr 16, 2026 Jan 10, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.

Previous 123 4 Next