Vulnerabilities > Nullsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-16 | CVE-2013-4694 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. | 7.5 |
| 2012-07-22 | CVE-2012-4045 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file. | 7.5 |
| 2008-08-01 | CVE-2008-3441 | Code Injection vulnerability in Nullsoft Winamp Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | 7.5 |
| 2007-04-24 | CVE-2007-2180 | Denial of Service vulnerability in Nullsoft Winamp 5.3 Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file. network nullsoft | 7.1 |
| 2006-07-12 | CVE-2006-3534 | Directory Traversal vulnerability in Shoutcast Server Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". | 7.8 |
| 2006-02-23 | CVE-2006-0720 | Buffer Overflow vulnerability in Nullsoft Winamp M3U File Processing Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. | 7.6 |
| 2006-01-31 | CVE-2006-0476 | Remote Buffer Overflow vulnerability in Nullsoft Winamp 5.12 Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). | 7.6 |
| 2005-12-31 | CVE-2005-3188 | Remote Buffer Overflow vulnerability in Nullsoft Winamp 5.094 Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476. | 7.6 |
| 2004-12-31 | CVE-2004-1896 | Heap Overflow vulnerability in NullSoft Winamp in_mod.dll Plug-in Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file. | 7.6 |
| 2004-12-23 | CVE-2004-1373 | Unspecified vulnerability in Nullsoft Shoutcast Server 1.9.4 Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file. | 7.5 |