Nullsoft: Security Vulnerabilities
Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.
CVSS Score: 7.6 | EPSS Score: 0.249 | Published: 2004-12-31
NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line.
CVSS Score: 5.0 | EPSS Score: 0.011 | Published: 2004-12-31
Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file.
CVSS Score: 7.5 | EPSS Score: 0.869 | Published: 2004-12-23
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.
CVSS Score: 4.6 | EPSS Score: 0.018 | Published: 2004-08-28
Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.
CVSS Score: 2.1 | EPSS Score: 0.005 | Published: 2003-12-31
Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.
CVSS Score: 9.3 | EPSS Score: 0.025 | Published: 2003-12-31
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters.
CVSS Score: 2.1 | EPSS Score: 0.002 | Published: 2003-12-31
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.
CVSS Score: 5.0 | EPSS Score: 0.007 | Published: 2003-12-31
The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.
CVSS Score: 7.5 | EPSS Score: 0.045 | Published: 2003-09-17
SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.
CVSS Score: 2.1 | EPSS Score: 0.001 | Published: 2003-04-22

