Integer Overflow and Buffer Overflow Vulnerability in Nullsoft Winamp
CVE-2009-1831

Currently unrated

Key Information:

Vendor: Nullsoft
Status: Winamp
Vendor: CVE Published:; 29 May 2009

What is CVE-2009-1831?

The Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp prior to version 5.552 contains a vulnerability that allows remote attackers to execute arbitrary code through a specially crafted MAKI file. This security issue arises from improper sign extension, leading to an integer overflow and subsequent stack-based buffer overflow, which can compromise the integrity and security of affected systems.

References

http://www.securityfocus.com/bid/35052

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/8783

exploitx_refsource_EXPLOIT-DB

https://exchange.xforce.ibmcloud.com/vulnerabilities/50664

vdb-entryx_refsource_XF

EPSS Score

81% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2009
Vulnerability Reserved
May 29, 2009