Buffer Overflow in Winamp's gen_jumpex.dll and ml_local.dll
CVE-2013-4694

Currently unrated

Key Information:

Vendor

Nullsoft

Status
Winamp
Vendor
CVE Published:
16 April 2014

What is CVE-2013-4694?

A stack-based buffer overflow vulnerability exists in gen_jumpex.dll of Winamp versions prior to 5.64. This flaw allows remote attackers to potentially crash the application or execute arbitrary code by sending a specially crafted package with a long Skin directory name. Additionally, a second buffer overflow related to the ml_local.dll can be exploited through the application's GUI Search field, posing risks depending on the application's execution environment.

References

http://seclists.org/fulldisclosure/2013/Jul/4
mailing-listx_refsource_FULLDISC
http://www.exploit-db.com/exploits/26558
exploitx_refsource_EXPLOIT-DB
http://forums.winamp.com/showthread.php?t=364291
x_refsource_CONFIRM

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.