Winamp
This hub aggregates every CVE we track for Winamp, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.
66
CVEs tracked
27
Critical
22
High
0
In CISA KEV
Severity distribution
CRITICAL27HIGH22MEDIUM13LOW4
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Winamp.
- CVE-2013-4695Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution7.8
- CVE-2017-10727Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address controls Branch Selection s...7.8
- CVE-2017-10726Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address may be used as a return val...7.8
- CVE-2017-10728Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Error Code (0xe06d7363) starting at wow64!Wow64NotifyD...7.8
- CVE-2017-10725Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address controls Code Flow starting at i...7.3
- CVE-2014-3442Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.4.3
- CVE-2013-4694Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a ...7.5
- CVE-2012-4045Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI f...7.5
- CVE-2012-3889The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file.6.8
- CVE-2012-3890The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file.6.8
- CVE-2011-4857Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: so...10.0
- CVE-2011-3834Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2)...9.3
- CVE-2010-4370Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow.9.3
- CVE-2010-4373The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file.4.3
- CVE-2010-4372Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different v...9.3
Product normalization is registry-driven with AI assist and human review. How it works