CVE-2009-4356

high

Description

Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743

http://www.vupen.com/english/advisories/2009/3576

http://www.securityfocus.com/bid/37387

http://www.securityfocus.com/archive/1/508532/100/0/threaded

http://forums.winamp.com/showthread.php?threadid=315355

Details

Source: Mitre, NVD

Published: 2009-12-18

Updated: 2018-10-10

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H