Vulnerabilities > Nullsoft > Winamp > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-16 | CVE-2013-4694 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. | 7.5 |
| 2012-07-22 | CVE-2012-4045 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file. | 7.5 |
| 2008-08-01 | CVE-2008-3441 | Code Injection vulnerability in Nullsoft Winamp Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | 7.5 |
| 2007-04-24 | CVE-2007-2180 | Denial of Service vulnerability in Nullsoft Winamp 5.3 Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file. network nullsoft | 7.1 |
| 2006-02-23 | CVE-2006-0720 | Buffer Overflow vulnerability in Nullsoft Winamp M3U File Processing Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. | 7.6 |
| 2006-01-31 | CVE-2006-0476 | Remote Buffer Overflow vulnerability in Nullsoft Winamp 5.12 Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). | 7.6 |
| 2005-12-31 | CVE-2005-3188 | Remote Buffer Overflow vulnerability in Nullsoft Winamp 5.094 Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476. | 7.6 |
| 2004-12-31 | CVE-2004-1896 | Heap Overflow vulnerability in NullSoft Winamp in_mod.dll Plug-in Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file. | 7.6 |
| 2003-09-17 | CVE-2003-0765 | Remote Security vulnerability in Winamp The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value. | 7.5 |
| 2003-04-02 | CVE-2002-1524 | Buffer Overflow vulnerability in Nullsoft Winamp 3.0 Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag. | 7.5 |