Vulnerability Description
Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nullsoft | Winamp | 5.07 |
References
- http://forums.winamp.com/showthread.php?s=&threadid=202007Exploit
- http://marc.info/?l=bugtraq&m=110297310503541&w=2
- http://marc.info/?l=full-disclosure&m=110303988101973&w=2
- http://securitytracker.com/alerts/2004/Dec/1012525.html
- http://www.kb.cert.org/vuls/id/372968US Government Resource
- http://www.securityfocus.com/bid/11909
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18466
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18467
- http://forums.winamp.com/showthread.php?s=&threadid=202007Exploit
- http://marc.info/?l=bugtraq&m=110297310503541&w=2
- http://marc.info/?l=full-disclosure&m=110303988101973&w=2
- http://securitytracker.com/alerts/2004/Dec/1012525.html
- http://www.kb.cert.org/vuls/id/372968US Government Resource
- http://www.securityfocus.com/bid/11909
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18466
FAQ
What is CVE-2004-1396?
CVE-2004-1396 is a vulnerability with a CVSS score of 2.6 (LOW). Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data ...
How severe is CVE-2004-1396?
CVE-2004-1396 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1396?
Check the references section above for vendor advisories and patch information. Affected products include: Nullsoft Winamp.