Integer Overflow Vulnerability in Winamp Plugin
CVE-2011-3834

Currently unrated

Key Information:

Vendor

Nullsoft

Status
Winamp
Vendor
CVE Published:
16 December 2011

What is CVE-2011-3834?

The in_avi.dll plugin in Winamp prior to version 5.623 contains multiple integer overflow vulnerabilities that can be exploited by remote attackers. By crafting specific AVI files, attackers can manipulate the number of streams or the size of the RIFF INFO chunk. This manipulation may lead to a heap-based buffer overflow, allowing for arbitrary code execution on the affected system, putting users at significant risk. It is crucial to apply updates to mitigate potential exploitation.

References

http://secunia.com/secunia_research/2011-81/
x_refsource_MISC
http://forums.winamp.com/showthread.php?t=332010
x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.