CVE Tools

nullsoft

Consumer Softwarecommercial

65

Cumulative CVEs

33

Monthly snapshots

#14

Peak rank

Top products

nullsoft scriptable install system2

Latest CVEs

The 15 most recently published vulnerabilities affecting nullsoft.

CVE-2026-42171NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_Get...7.8Apr 24, 2026
CVE-2025-43715Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under...8.1Apr 17, 2025
CVE-2023-37378Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.5.3Jul 3, 2023
CVE-2015-9267Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or ...5.5Oct 1, 2018
CVE-2015-9268Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the depe...7.8Oct 1, 2018
CVE-2014-3442Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.4.3May 23, 2014
CVE-2013-4694Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a ...7.5Apr 16, 2014
CVE-2012-4045Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI f...7.5Jul 22, 2012
CVE-2012-3889The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.6.8Jul 11, 2012
CVE-2012-3890The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.6.8Jul 11, 2012
CVE-2011-3834Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2)...9.3Dec 16, 2011
CVE-2011-4857Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: so...10.0Dec 16, 2011
CVE-2010-4370Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow.9.3Dec 2, 2010
CVE-2010-4373The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file.4.3Dec 2, 2010
CVE-2010-4372Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different v...9.3Dec 2, 2010