Lucene search

[email protected]NVD:CVE-2009-4356

HistoryDec 18, 2009 - 7:30 p.m.

CVE-2009-4356

2009-12-1819:30:00

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.049

Percentile

93.0%

JSON

Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.

Affected configurations

Nvd

Node

nullsoftwinampRange≤5.56

nullsoftwinampMatch0.20a

nullsoftwinampMatch0.92

nullsoftwinampMatch1.006

nullsoftwinampMatch1.90

nullsoftwinampMatch2.0

nullsoftwinampMatch2.4

nullsoftwinampMatch2.5e

nullsoftwinampMatch2.6

nullsoftwinampMatch2.6x

nullsoftwinampMatch2.7x

nullsoftwinampMatch2.9

nullsoftwinampMatch2.10

nullsoftwinampMatch2.24

nullsoftwinampMatch2.50

nullsoftwinampMatch2.60

nullsoftwinampMatch2.60full

nullsoftwinampMatch2.60lite

nullsoftwinampMatch2.61

nullsoftwinampMatch2.61full

nullsoftwinampMatch2.62

nullsoftwinampMatch2.62standard

nullsoftwinampMatch2.64

nullsoftwinampMatch2.64standard

nullsoftwinampMatch2.65

nullsoftwinampMatch2.70

nullsoftwinampMatch2.70full

nullsoftwinampMatch2.71

nullsoftwinampMatch2.72

nullsoftwinampMatch2.73

nullsoftwinampMatch2.73full

nullsoftwinampMatch2.74

nullsoftwinampMatch2.75

nullsoftwinampMatch2.76

nullsoftwinampMatch2.77

nullsoftwinampMatch2.78

nullsoftwinampMatch2.79

nullsoftwinampMatch2.80

nullsoftwinampMatch2.81

nullsoftwinampMatch2.90

nullsoftwinampMatch2.91

nullsoftwinampMatch2.92

nullsoftwinampMatch2.95

nullsoftwinampMatch3.0

nullsoftwinampMatch3.1

nullsoftwinampMatch5.0

nullsoftwinampMatch5.0.1

nullsoftwinampMatch5.0.2

nullsoftwinampMatch5.01

nullsoftwinampMatch5.1

nullsoftwinampMatch5.1-surround

nullsoftwinampMatch5.02

nullsoftwinampMatch5.2

nullsoftwinampMatch5.3

nullsoftwinampMatch5.03

nullsoftwinampMatch5.03a

nullsoftwinampMatch5.04

nullsoftwinampMatch5.05

nullsoftwinampMatch5.5

nullsoftwinampMatch5.06

nullsoftwinampMatch5.07

nullsoftwinampMatch5.08

nullsoftwinampMatch5.08c

nullsoftwinampMatch5.08d

nullsoftwinampMatch5.08e

nullsoftwinampMatch5.08c

nullsoftwinampMatch5.08d

nullsoftwinampMatch5.08e

nullsoftwinampMatch5.09

nullsoftwinampMatch5.11

nullsoftwinampMatch5.12

nullsoftwinampMatch5.13

nullsoftwinampMatch5.21

nullsoftwinampMatch5.22

nullsoftwinampMatch5.23

nullsoftwinampMatch5.24

nullsoftwinampMatch5.31

nullsoftwinampMatch5.32

nullsoftwinampMatch5.33

nullsoftwinampMatch5.34

nullsoftwinampMatch5.35

nullsoftwinampMatch5.36

nullsoftwinampMatch5.51

nullsoftwinampMatch5.52

nullsoftwinampMatch5.53

nullsoftwinampMatch5.54

nullsoftwinampMatch5.55

nullsoftwinampMatch5.091

nullsoftwinampMatch5.093

nullsoftwinampMatch5.094

nullsoftwinampMatch5.111

nullsoftwinampMatch5.112

nullsoftwinampMatch5.531

nullsoftwinampMatch5.541

nullsoftwinampMatch5.551

nullsoftwinampMatch5.552

VendorProductVersionCPE
nullsoftwinamp*cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*
nullsoftwinamp0.20acpe:2.3:a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*
nullsoftwinamp0.92cpe:2.3:a:nullsoft:winamp:0.92:*:*:*:*:*:*:*
nullsoftwinamp1.006cpe:2.3:a:nullsoft:winamp:1.006:*:*:*:*:*:*:*
nullsoftwinamp1.90cpe:2.3:a:nullsoft:winamp:1.90:*:*:*:*:*:*:*
nullsoftwinamp2.0cpe:2.3:a:nullsoft:winamp:2.0:*:*:*:*:*:*:*
nullsoftwinamp2.4cpe:2.3:a:nullsoft:winamp:2.4:*:*:*:*:*:*:*
nullsoftwinamp2.5ecpe:2.3:a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*
nullsoftwinamp2.6cpe:2.3:a:nullsoft:winamp:2.6:*:*:*:*:*:*:*
nullsoftwinamp2.6xcpe:2.3:a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nullsoft	winamp	*	cpe:2.3:a:nullsoft:winamp::::::::
nullsoft	winamp	0.20a	cpe:2.3:a:nullsoft:winamp:0.20a:::::::*
nullsoft	winamp	0.92	cpe:2.3:a:nullsoft:winamp:0.92:::::::*
nullsoft	winamp	1.006	cpe:2.3:a:nullsoft:winamp:1.006:::::::*
nullsoft	winamp	1.90	cpe:2.3:a:nullsoft:winamp:1.90:::::::*
nullsoft	winamp	2.0	cpe:2.3:a:nullsoft:winamp:2.0:::::::*
nullsoft	winamp	2.4	cpe:2.3:a:nullsoft:winamp:2.4:::::::*
nullsoft	winamp	2.5e	cpe:2.3:a:nullsoft:winamp:2.5e:::::::*
nullsoft	winamp	2.6	cpe:2.3:a:nullsoft:winamp:2.6:::::::*
nullsoft	winamp	2.6x	cpe:2.3:a:nullsoft:winamp:2.6x:::::::*

Rows per page:

1-10 of 961

References

forums.winamp.com/showthread.php?threadid=315355

www.securityfocus.com/archive/1/508532/100/0/threaded

www.securityfocus.com/bid/37387

www.vupen.com/english/advisories/2009/3576

www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.049

Percentile

93.0%

JSON

Related for NVD:CVE-2009-4356

cve1 cvelist1 prion1 openvas2 nessus1