Nullsoft: Security Vulnerabilities
Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.
CVSS Score
9.3
EPSS Score
0.091
Published
2006-06-26
Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ.
CVSS Score
4.3
EPSS Score
0.006
Published
2006-06-13
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.
CVSS Score
7.6
EPSS Score
0.139
Published
2006-02-23
Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.
CVSS Score
9.3
EPSS Score
0.162
Published
2006-02-15
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
CVSS Score
7.6
EPSS Score
0.886
Published
2006-01-31
Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476.
CVSS Score
7.6
EPSS Score
0.271
Published
2005-12-31
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
CVSS Score
9.3
EPSS Score
0.077
Published
2005-07-19
Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.
CVSS Score
10.0
EPSS Score
0.522
Published
2005-01-10
Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.
CVSS Score
5.1
EPSS Score
0.066
Published
2004-12-31
Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.
CVSS Score
2.6
EPSS Score
0.026
Published
2004-12-31