9.3
CVE-2009-4356
- EPSS 4.97%
- Veröffentlicht 18.12.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:13:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.97% | 0.911 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://forums.winamp.com/showthread.php?threadid=315355
http://www.securityfocus.com/archive/1/508532/100/0/threaded
http://www.securityfocus.com/bid/37387
http://www.vupen.com/english/advisories/2009/3576
http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743