Vulnerabilities > Nullsoft > Winamp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-05-23 | CVE-2014-3442 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s. | 4.3 |
| 2012-07-11 | CVE-2012-3890 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file. | 6.8 |
| 2012-07-11 | CVE-2012-3889 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file. | 6.8 |
| 2010-12-02 | CVE-2010-4374 | Resource Management Errors vulnerability in Nullsoft Winamp The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length. | 4.3 |
| 2010-12-02 | CVE-2010-4373 | Denial-Of-Service vulnerability in Winamp The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file. network nullsoft | 4.3 |
| 2008-08-10 | CVE-2008-3567 | Cross-Site Scripting vulnerability in Nullsoft Winamp Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags. | 4.3 |
| 2007-08-17 | CVE-2007-4392 | Denial-Of-Service vulnerability in Nullsoft Winamp 5.35 Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself. network nullsoft | 4.3 |
| 2004-12-31 | CVE-2004-2384 | Denial of Service vulnerability in Nullsoft Winamp 5.02 NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line. | 5.0 |
| 2004-12-31 | CVE-2004-1150 | Remote Buffer Overflow vulnerability in Nullsoft Winamp Variant Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file. | 5.1 |
| 2004-08-28 | CVE-2004-0820 | Local Security vulnerability in Winamp Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file. | 4.6 |