Filtered by vendor Nullsoft
Subscriptions
Filtered by product Winamp
Subscriptions
Total
62 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3997 | 1 Nullsoft | 1 Winamp | 2025-04-09 | N/A |
| Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow. | ||||
| CVE-2007-4392 | 1 Nullsoft | 1 Winamp | 2025-04-09 | N/A |
| Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself. | ||||
| CVE-2009-4356 | 1 Nullsoft | 1 Winamp | 2025-04-09 | N/A |
| Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file. | ||||
| CVE-2009-3995 | 3 Nullsoft, Raphael Assenat, Redhat | 3 Winamp, Libmikmod, Enterprise Linux | 2025-04-09 | N/A |
| Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0833 | 2 Myplugins, Nullsoft | 2 Gen Msn, Winamp | 2025-04-09 | N/A |
| Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4619 | 3 Flac, Nullsoft, Redhat | 3 Libflac, Winamp, Enterprise Linux | 2025-04-09 | N/A |
| Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow. | ||||
| CVE-2009-1788 | 2 Mega-nerd, Nullsoft | 2 Libsndfile, Winamp | 2025-04-09 | N/A |
| Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value. | ||||
| CVE-2009-1791 | 2 Mega-nerd, Nullsoft | 2 Libsndfile, Winamp | 2025-04-09 | N/A |
| Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value. | ||||
| CVE-2007-1922 | 1 Nullsoft | 1 Winamp | 2025-04-09 | N/A |
| The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption. | ||||
| CVE-2007-2180 | 1 Nullsoft | 1 Winamp | 2025-04-09 | N/A |
| Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file. | ||||
| CVE-2009-0186 | 2 Mega-nerd, Nullsoft | 2 Libsndfile, Winamp | 2025-04-09 | N/A |
| Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow. | ||||
| CVE-2008-3441 | 1 Nullsoft | 1 Winamp | 2025-04-09 | N/A |
| Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | ||||
| CVE-2008-3567 | 1 Nullsoft | 1 Winamp | 2025-04-09 | N/A |
| Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags. | ||||
| CVE-2009-0263 | 1 Nullsoft | 1 Winamp | 2025-04-09 | N/A |
| Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file. | ||||
| CVE-2005-2310 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE. | ||||
| CVE-2001-0490 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file. | ||||
| CVE-2002-1177 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag. | ||||
| CVE-2002-2392 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code. | ||||
| CVE-2003-0765 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value. | ||||
| CVE-2004-1150 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file. | ||||