Integer Overflow Vulnerability in Winamp Module Decoder Plug-in
CVE-2009-3997

Currently unrated

Key Information:

Vendor

Nullsoft

Status
Winamp
Vendor
CVE Published:
18 December 2009

What is CVE-2009-3997?

A critical integer overflow vulnerability exists within the IN_MOD.DLL (Module Decoder Plug-in) of Winamp prior to version 5.57. This flaw may allow remote attackers to execute arbitrary code on affected systems by tricking users into opening a specially crafted Oktalyzer file. The exploitation of this vulnerability can result in a heap-based buffer overflow, posing significant risks to system integrity and security.

References

http://forums.winamp.com/showthread.php?threadid=315355
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/508524/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/37374
vdb-entryx_refsource_BID

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.