Vulnerability Description
Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.
CVSS Score
9.3
HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nullsoft | Winamp | <= 5.56 |
Related Weaknesses (CWE)
References
- http://forums.winamp.com/showthread.php?threadid=315355Patch
- http://www.securityfocus.com/archive/1/508532/100/0/threaded
- http://www.securityfocus.com/bid/37387
- http://www.vupen.com/english/advisories/2009/3576Vendor Advisory
- http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_OverfloExploitVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://forums.winamp.com/showthread.php?threadid=315355Patch
- http://www.securityfocus.com/archive/1/508532/100/0/threaded
- http://www.securityfocus.com/bid/37387
- http://www.vupen.com/english/advisories/2009/3576Vendor Advisory
- http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_OverfloExploitVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2009-4356?
CVE-2009-4356 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.
How severe is CVE-2009-4356?
CVE-2009-4356 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4356?
Check the references section above for vendor advisories and patch information. Affected products include: Nullsoft Winamp.