CVSS: 7.5EPSS: 11%CPEs: 55EXPL: 4CVE-2014-3442 – Winamp - '.flv' File Processing Memory Corruption
https://notcve.org/view.php?id=CVE-2014-3442
16 May 2014 — Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s. Winamp 5.666 y anteriores permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída) a través de un archivo .FLV malformado, relacionado con f263.w5s. WinAMP versions 5.666 build 3516 and below suffer from a memory corruption vulnerability. • https://packetstorm.news/files/id/126636 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 50%CPEs: 66EXPL: 10CVE-2013-4694 – Winamp 5.63 - Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-4694
01 Jul 2013 — Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as ... • https://packetstorm.news/files/id/122239 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 62EXPL: 0CVE-2012-3889
https://notcve.org/view.php?id=CVE-2012-3889
11 Jul 2012 — The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file. El plug-in in_mod de Winamp antes de v5.63 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un fichero .IT. • http://forums.winamp.com/showthread.php?t=345684 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 62EXPL: 0CVE-2012-3890
https://notcve.org/view.php?id=CVE-2012-3890
11 Jul 2012 — The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file. El plug-in in_mod en Winamp antes de v5.63 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria dinamica 'heap') o posiblemente tener un impacto no especificado a través de un fichero .IT. • http://forums.winamp.com/showthread.php?t=345684 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 7%CPEs: 60EXPL: 0CVE-2011-3834
https://notcve.org/view.php?id=CVE-2011-3834
16 Dec 2011 — Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow. Múltiples desbordamientos de entero en el componente in_avi.dll de Winamp en versiones anteriores de 5.623. Permite a atacantes remotos ejecutar código arbitrario a través de un archivo AVI con un valor modificado de (1) el número de stream... • http://forums.winamp.com/showthread.php?t=332010 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 12%CPEs: 60EXPL: 0CVE-2011-4857
https://notcve.org/view.php?id=CVE-2011-4857
16 Dec 2011 — Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information. Desbordamiento de buffer de memoria dinámica en el complemento in_mod.dll de Winamp en versiones anteriores a la 5.623 permite a atacantes remotos ejecutar código arbitrario a través de datos de canciones modificados de un archivo Impulse Tracker (IT). ... • http://forums.winamp.com/showthread.php?t=332010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 8%CPEs: 57EXPL: 0CVE-2010-2586
https://notcve.org/view.php?id=CVE-2010-2586
02 Dec 2010 — Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow. Múltiples desbordamientos de entero en el plugin in_nsv en Winamp anterior a v5.6 permite a atacantes remotos tener un impacto no especificado través tabla de contenidos (TOC) manipulada en un (1) flujo NSV o (2) fichero NSV provocando un desbordamiento de pila. • http://forums.winamp.com/showthread.php?t=324322 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 6%CPEs: 57EXPL: 0CVE-2010-4370
https://notcve.org/view.php?id=CVE-2010-4370
02 Dec 2010 — Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow. Múltiples desbordamientos enteros en el plugin in_midi en Winamp anterior a versión 5.6, permiten a los atacantes remotos ejecutar código arbitrario por medio de un archivo MIDI especialmente diseñado que desencadena un desbordamiento de búfer. • http://forums.winamp.com/showthread.php?t=324322 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 8%CPEs: 57EXPL: 3CVE-2010-4371 – Winamp 5.5.8.2985 - Multiple Buffer Overflows
https://notcve.org/view.php?id=CVE-2010-4371
02 Dec 2010 — Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box. Desbordamiento de búfer en el plugin in_mod en Winamp anterior a v5.6 permite tener un impacto no especificado a través de vectores relacionados con el cuadro comment. • https://www.exploit-db.com/exploits/15248 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 57EXPL: 0CVE-2010-4372
https://notcve.org/view.php?id=CVE-2010-4372
02 Dec 2010 — Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586. Desbordamiento de entero en el plugin in_nsv en Winamp anterior a v5.6 permite a atacantes remotos tener un impacto no especificado través de vectores relacionados con la asignación incorrecta de la memoria para los metadatos NSV, una vulnerabilidad diferente a CVE-2010-2586. • http://forums.winamp.com/showthread.php?t=324322 • CWE-189: Numeric Errors •