Vulnerabilities > Nullsoft > Winamp > 5.03

DATE CVE VULNERABILITY TITLE RISK
2014-05-23 CVE-2014-3442 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp
Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.
network
nullsoft CWE-119
4.3
2014-04-16 CVE-2013-4694 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name.
network
low complexity
nullsoft CWE-119
7.5
2012-07-22 CVE-2012-4045 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp
Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file.
network
low complexity
nullsoft CWE-119
7.5
2012-07-11 CVE-2012-3890 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.
network
nullsoft CWE-119
6.8
2012-07-11 CVE-2012-3889 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.
network
nullsoft CWE-119
6.8
2011-12-16 CVE-2011-4857 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp
Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file.
network
low complexity
nullsoft CWE-119
critical
10.0
2011-12-16 CVE-2011-3834 Numeric Errors vulnerability in Nullsoft Winamp
Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.
network
nullsoft CWE-189
critical
9.3
2010-12-02 CVE-2010-4374 Resource Management Errors vulnerability in Nullsoft Winamp
The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length.
network
nullsoft CWE-399
4.3
2010-12-02 CVE-2010-4373 Denial-Of-Service vulnerability in Winamp
The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file.
network
nullsoft
4.3
2010-12-02 CVE-2010-4372 Numeric Errors vulnerability in Nullsoft Winamp
Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586.
network
nullsoft CWE-189
critical
9.3