Every CVE whose affected-product data names Nullsoft Winamp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (61)
CVE-2011-4857 — CVSS 10.0 (critical): Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted…
CVE-2009-0263 — CVSS 10.0 (critical): Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary…
CVE-2004-1119 — CVSS 10.0 (critical): Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute…
CVE-2009-1831 — CVSS 9.3 (critical): The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via…
CVE-2005-2310 — CVSS 9.3 (critical): Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an…
CVE-2006-0708 — CVSS 9.3 (critical): Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file…
CVE-2006-3228 — CVSS 9.3 (critical): Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted…
CVE-2006-5567 — CVSS 9.3 (critical): Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via…
CVE-2007-1921 — CVSS 9.3 (critical): LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a…
CVE-2007-1922 — CVSS 9.3 (critical): The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute…
CVE-2009-4356 — CVSS 9.3 (critical): Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via…
CVE-2007-2498 — CVSS 9.3 (critical): libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE…
CVE-2009-3997 — CVSS 9.3 (critical): Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary…
CVE-2007-4619 — CVSS 9.3 (critical): Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow…
CVE-2009-3996 — CVSS 9.3 (critical): Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote…
CVE-2009-0186 — CVSS 9.3 (critical): Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code…
CVE-2009-1788 — CVSS 9.3 (critical): Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media…
CVE-2009-1791 — CVSS 9.3 (critical): Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media…
CVE-2009-3995 — CVSS 9.3 (critical): Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might…
CVE-2011-3834 — CVSS 9.3 (critical): Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file…
CVE-2003-1272 — CVSS 9.3 (critical): Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via…
CVE-2010-4372 — CVSS 9.3 (critical): Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to…
CVE-2010-4371 — CVSS 9.3 (critical): Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the…
CVE-2010-4370 — CVSS 9.3 (critical): Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI…
CVE-2010-3137 — CVSS 9.3 (critical): Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote…
CVE-2010-2586 — CVSS 9.3 (critical): Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a…
CVE-2010-1523 — CVSS 9.3 (critical): Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to…
CVE-2004-1896 — CVSS 7.6 (high): Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a…
CVE-2005-3188 — CVSS 7.6 (high): Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line…
CVE-2006-0720 — CVSS 7.6 (high): Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and…
CVE-2006-0476 — CVSS 7.6 (high): Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name…
CVE-2002-1524 — CVSS 7.5 (high): Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal)…
CVE-2012-4045 — CVSS 7.5 (high): Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the…
CVE-2013-4694 — CVSS 7.5 (high): Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash)…
CVE-2002-0546 — CVSS 7.5 (high): Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or…
CVE-2003-0765 — CVSS 7.5 (high): The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a…
CVE-2008-3441 — CVSS 7.5 (high): Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute…
CVE-2001-0490 — CVSS 7.5 (high): Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file.
CVE-2000-0624 — CVSS 7.5 (high): Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U…
CVE-2002-0547 — CVSS 7.5 (high): Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly…
CVE-2002-1176 — CVSS 7.5 (high): Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.
CVE-2002-1177 — CVSS 7.5 (high): Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary…
CVE-2000-0049 — CVSS 7.2 (high): Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.
CVE-2007-2180 — CVSS 7.1 (high): Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
CVE-2012-3889 — CVSS 6.8 (medium): The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have…
CVE-2012-3890 — CVSS 6.8 (medium): The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have…
CVE-2002-2392 — CVSS 6.4 (medium): Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL…
CVE-2004-1150 — CVSS 5.1 (medium): Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda://…
CVE-2002-2195 — CVSS 5.0 (medium): Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute…
CVE-2003-1274 — CVSS 5.0 (medium): Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter…
CVE-2004-2384 — CVSS 5.0 (medium): NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the…
CVE-2004-0820 — CVSS 4.6 (medium): Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are…
CVE-2014-3442 — CVSS 4.3 (medium): Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file…
CVE-2007-4392 — CVSS 4.3 (medium): Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that…
CVE-2010-4373 — CVSS 4.3 (medium): The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or…
CVE-2010-4374 — CVSS 4.3 (medium): The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV)…
CVE-2008-3567 — CVSS 4.3 (medium): Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct…
CVE-2004-1396 — CVSS 2.6 (low): Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via…
CVE-2002-0284 — CVSS 2.6 (low): Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the…
CVE-2003-1273 — CVSS 2.1 (low): Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English…
CVE-2002-2412 — CVSS 2.1 (low): Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows…