CVE-2009-4356

2009-12-1819:00:00

mitre

www.cve.org

AI Score

7.6

Confidence

High

EPSS

0.049

Percentile

93.0%

JSON

Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.

References

forums.winamp.com/showthread.php?threadid=315355

www.securityfocus.com/archive/1/508532/100/0/threaded

www.securityfocus.com/bid/37387

www.vupen.com/english/advisories/2009/3576

www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743