Integer Overflow Vulnerability in Winamp Plugin
CVE-2010-4370

Currently unrated

Key Information:

Vendor

Nullsoft

Status
Winamp
Vendor
CVE Published:
2 December 2010

What is CVE-2010-4370?

The in_midi plugin in Winamp prior to version 5.6 is susceptible to multiple integer overflow vulnerabilities. These flaws can be exploited by remote attackers through specially crafted MIDI files, resulting in buffer overflows that allow arbitrary code execution. Users of affected Winamp versions are advised to upgrade to the latest secure version to mitigate these risks.

References

http://secunia.com/advisories/42004
third-party-advisoryx_refsource_SECUNIA
http://forums.winamp.com/showthread.php?threadid=159785
x_refsource_CONFIRM
http://forums.winamp.com/showthread.php?t=324322
x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.