Heap-Based Buffer Overflow in Winamp Module Decoder Plug-in by Nullsoft
CVE-2009-3995

Currently unrated

Key Information:

Vendor: Nullsoft
Status: Winamp; LIBMikmod
Vendor: CVE Published:; 18 December 2009

What is CVE-2009-3995?

Multiple heap-based buffer overflows exist within the IN_MOD.DLL module in Winamp versions prior to 5.57 and libmikmod 3.1.12. These vulnerabilities may allow remote attackers to execute arbitrary code by sending crafted samples or instrument definitions within Impulse Tracker files. The implications of these vulnerabilities can lead to significant security risks, potentially compromising the affected systems.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://secunia.com/secunia_research/2009-53/

x_refsource_MISC

http://secunia.com/secunia_research/2009-52/

x_refsource_MISC

EPSS Score

9% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2009
Vulnerability Reserved
Nov 19, 2009