Nullsoft

Winamp

61 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2009-1791

  • EPSS 8.48%
  • Veröffentlicht 26.05.2009 17:30:02
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary cod...

9.3

CVE-2009-1788

Exploit
  • EPSS 8.57%
  • Veröffentlicht 26.05.2009 16:30:02
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code...

9.3

CVE-2009-0186

  • EPSS 4.24%
  • Veröffentlicht 05.03.2009 02:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.

10

CVE-2009-0263

  • EPSS 18.3%
  • Veröffentlicht 23.01.2009 19:00:05
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 fil...

4.3

CVE-2008-3567

  • EPSS 0.58%
  • Veröffentlicht 10.08.2008 20:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.

7.5

CVE-2008-3441

  • EPSS 1.08%
  • Veröffentlicht 01.08.2008 14:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

9.3

CVE-2007-4619

  • EPSS 7.86%
  • Veröffentlicht 12.10.2007 21:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memo...

4.3

CVE-2007-4392

  • EPSS 1.06%
  • Veröffentlicht 17.08.2007 22:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself.

9.3

CVE-2007-2498

Exploit
  • EPSS 8.9%
  • Veröffentlicht 04.05.2007 00:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information.

7.1

CVE-2007-2180

Exploit
  • EPSS 9.4%
  • Veröffentlicht 24.04.2007 17:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.