Page 5 of 23 results (0.002 seconds)

CVSS: 9.3EPSS: 41%CPEs: 25EXPL: 0

Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow. Desbordamiento de entero en libsndfile v1,0,18, usado en Winamp y otros productos, permite a atacantes dependientes de contexto la ejecución de código de su elección a través de un trozo de descripción manipulada en un archivo de audio CAF, permitiendo un desbordamiento de búfer basado en montículo. • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://secunia.com/advisories/33980 http://secunia.com/advisories/33981 http://secunia.com/advisories/34316 http://secunia.com/advisories/34526 http://secunia.com/advisories/34642 http://secunia.com/advisories/34791 http://secunia.com/secunia_research/2009-7 http://secunia.com/secunia_research/2009-8 http://security.gentoo.org/glsa/glsa-200904-16.xml http://www.debian.org/security/2009/dsa-1742 http& • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 90%CPEs: 83EXPL: 1

Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file. Múltiples desbordamientos de búfer en Winamp v5.541 y anteriores, permiten a atacantes remotos provocar una denegación de servicio y posiblemente ejecución código de su eledcción a través de (1) un valor de cabecera Common Chunk (COMM) largo en un fichero AIFF y (2) un valor inválido largo en un fichero MP3. • https://www.exploit-db.com/exploits/7742 http://secunia.com/advisories/33478 http://www.securityfocus.com/bid/33226 http://www.vupen.com/english/advisories/2009/0113 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14756 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 72EXPL: 0

Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags. Una vulnerabilidad de tipo cross-zone scripting en la función NowPlaying en NullSoft Winamp anterior a versión 5.541, permite a los atacantes remotos conducir ataques de tipo cross-site scripting (XSS) por medio de un archivo MP3 con JavaScript en etiquetas id3. • http://blog.watchfire.com/wfblog/2008/09/winamp-nowplayi.html http://forums.winamp.com/showthread.php?threadid=295505 http://secunia.com/advisories/31371 http://www.securityfocus.com/bid/30539 https://exchange.xforce.ibmcloud.com/vulnerabilities/44207 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15716 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •